Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
slashes vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-0187
F5 FirePass 5.4 up to and including 5.5.2 and 6.0 allows remote malicious users to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters ...
F5 Firepass 5.4
F5 Firepass 5.4.7
F5 Firepass 5.4.8
F5 Firepass 5.4.9
F5 Firepass 5.4.1
F5 Firepass 5.4.2
F5 Firepass 5.5
F5 Firepass 5.5.1
F5 Firepass 5.4.5
F5 Firepass 5.4.6
F5 Firepass 5.4.3
F5 Firepass 5.4.4
F5 Firepass 5.5.2
F5 Firepass 6.0
6.1
CVSSv3
CVE-2021-23387
The package trailing-slash prior to 2.0.1 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::createTrailing(), as the web se...
Trailing-slash Project Trailing-slash
9.8
CVSSv3
CVE-2018-12542
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outsi...
Eclipse Vert.x
6.5
CVSSv3
CVE-2021-31920
Istio prior to 1.8.6 and 1.9.x prior to 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
Istio Istio
6.1
CVSSv3
CVE-2023-3042
In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp https://demo.dotc...
Dotcms Dotcms 23.01
Dotcms Dotcms 5.3.8
Dotcms Dotcms 21.06
Dotcms Dotcms 22.03
7.5
CVSSv3
CVE-2017-5381
The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects ...
Mozilla Firefox
6.1
CVSSv3
CVE-2019-14857
A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.
Openidc Mod Auth Openidc
NA
CVE-2015-0557
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote malicious users to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
Arj Software Arj Archiver
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Fedoraproject Fedora 20
6.1
CVSSv3
CVE-2021-23401
This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only ex...
Flask-user Project Flask-user
5.4
CVSSv3
CVE-2021-23393
This affects the package Flask-Unchained prior to 0.9.0. When using the the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exp...
Flask Unchained Project Flask Unchained
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »