12 matches found
Improper Neutralization of Special Elements in Data Query Logic
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the EntitySearchUtil::addSearchClause function in the autocomplete endpoint. The endpoint constructs an SQL query with a LIKE expression without escaping the SQL LIKE wildcar...
CVE-2026-3872
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...
EUVD-2017-17760
Malware in sbrugna...
CVE-2025-4232
An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non-administrative user to escalate their privileges to root...
CVE-2025-4232 GlobalProtect: Authenticated Code Injection Through Wildcard on macOS
An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non-administrative user to escalate their privileges to root...
CVE-2022-39352
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...
CVE-2025-0106
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem...
CVE-2024-1132
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects a...
SUSE CVE-2014-1492
The certTestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services NSS before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof...
Spice security vulnerability
Spice is an adaptive telepresence open source protocol used by enterprise virtualized desktop editions. The product is primarily used to connect users to their virtual desktops, providing an end-user experience identical to that of a physical desktop. Spice suffers from a security vulnerability...
CVE-2021-36366
Nagios XI before 5.8.5 incorrectly allows manageservices.sh wildcards...
UBUNTU-CVE-2014-1492
The certTestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services NSS before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof...