Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-44373

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in...

5.3CVSS5.5AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.9 views

CVE-2026-44372

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...

6.1CVSS5.4AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 9:16 p.m.11 views

CVE-2026-44373

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in...

5.3CVSS0.00392EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:30 p.m.5 views

CVE-2026-44372

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References5Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/13 8:30 p.m.8 views

CVE-2026-44372 Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:26 p.m.12 views

CVE-2026-44373

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in...

5.3CVSS5.8AI score0.00392EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2026/05/13 8:26 p.m.31 views

CVE-2026-44373 Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in...

5.3CVSS0.00392EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/05/06 11:2 p.m.8 views

NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules

NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules vulnerability discovered by ? in WordPress Npm nitro versions 3.0.260429-beta...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder