Browse and filter security vulnerabilities across ecosystems
Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname
Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026
pyLoad: Incomplete Fix for CVE-2026-33509 -storage_folder Bypass via Session Directory
Use of Incorrectly-Resolved Name or Reference in GitLab
Traefik: StripPrefixRegex auth bypass via Path/RawPath desync
OpenClaw < 2026.3.31 - Webhook Replay Cache Cross-Target messageId Scope Bypass
Hickory DNS hickory-recursor 0
OpenClaw < 2026.4.2 - Insufficient Scope in Zalo Webhook Replay Dedupe Keys
uutils coreutils cp Semantic Loss and Potential Denial of Service with -R via Device Node Stream Reading
OpenFGA has Improper Policy Enforcement
OpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper
OpenClaw < 2026.3.22 - Webhook Path Route Replacement Vulnerability in Synology Chat
fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)
srvx is vulnerable to middleware bypass via absolute URI in request line
h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes
Use of Incorrectly-Resolved Name or Reference in GitLab
WeKnora: Tool Execution Hijacking via Ambiguous Naming Convention In MCP client and Indirect Prompt Injection
SSRF vulnerability in opennextjs-cloudflare via /cdn-cgi/ path normalization bypass
File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL
SmarterTools SmarterMail < Build 9518 Unauthenticated background-of-the-day Path Coercion
Showing 1 - 20 of 1,000+ results