Lucene search

9 matches found

Cvelist
added 2026/05/27 7:40 p.m. | 41 views

CVE-2026-8363 Gladinet Triofox Stack-based Buffer Overflow in WOSDeviceDropFolder.dll

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:...

CVSS 9.8 | EPSS 0.00335
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/27 12:0 a.m. | 11 views

PT-2026-44096

Name of the Vulnerable Software and Affected Versions: Gladinet Triofox (affected versions not specified). Description: A stack-based buffer overflow condition exists in the WOSDefaultHttpModule.dll library. This issue occurs when the system processes a long URL path that begins with the '/woshome'...

CVSS 9.8 | AI score 5.9 | EPSS 0.00316
Exploits: 0 | References: 4
OSV
added 2026/03/27 8:16 p.m. | 9 views

DEBIAN-CVE-2026-34475

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...

CVSS 9.8 | AI score 5.3 | EPSS 0.00202
Exploits: 1 | References: 1
ATTACKERKB
added 2026/03/18 3:37 a.m. | 3 views

CVE-2026-1780

The CRPaid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

CVSS 6.1 | AI score 6 | EPSS 0.00168
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/02 12:0 a.m. | 6 views

PT-2026-22580

Name of the Vulnerable Software and Affected Versions: DobryCMS versions prior to 8.0. Description: A Blind SQL injection issue exists in DobryCMS. An unauthenticated remote attacker can inject SQL syntax into a URL path, leading to a Blind SQL injection. The vulnerability allows for the injection o...

CVSS 9.3 | AI score 6 | EPSS 0.00448
Exploits: 0 | References: 9
CVE
added 2026/02/14 6:42 a.m. | 19 views

CVE-2026-1795

The CVE-2026-1795 entry concerns the WordPress plugin Address Bar Ads (≤ 1.0.0). The root cause is insufficient input sanitization and output escaping in the URL Path, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. Affected: Address Bar Ads plugin for WordPress (all versions up to...

CVSS 6.1 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 3
EUVD
added 2025/10/27 7:6 p.m. | 3 views

EUVD-2025-36367

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting (XSS) via a malformed URL path. The 404 error page includes t...

CVSS 5.1 | AI score 5.7 | EPSS 0.00514
Exploits: 2 | References: 1
ATTACKERKB
added 2022/10/10 2:15 p.m. | 2 views

CVE-2022-26121

An exposure of resource to wrong sphere vulnerability (CWE-668) in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via...

CVSS 5.3 | AI score 5.9 | EPSS 0.00728
Exploits: 0 | References: 2
BDU FSTEC
added 2019/10/16 12:0 a.m. | 2 views

The vulnerability of the `net/url` function in the Go programming language allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service interruptions.

The vulnerability of the net/url function in the Go programming language is related to an error in processing constructed path names in URL addresses, which leads to authentication bypass. Exploiting this vulnerability allows an attacker to compromise data integrity, gain unauthorized access to...

CVSS 10 | AI score 7.8 | EPSS 0.08359
Exploits: 1 | References: 8 | Affected Software: 5