Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
slashes vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2021-23393
This affects the package Flask-Unchained prior to 0.9.0. When using the the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exp...
Flask Unchained Project Flask Unchained
5.8
CVSSv2
CVE-2021-23401
This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only ex...
Flask-user Project Flask-user
3.5
CVSSv2
CVE-2019-16769
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's impleme...
Verizon Serialize-javascript
NA
CVE-2022-28977
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 up to and including 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote ...
Liferay Dxp 7.2
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.3
Liferay Liferay Portal
4.3
CVSSv2
CVE-2019-16772
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementati...
Serialize-to-js Project Serialize-to-js
NA
CVE-2021-23385
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vu...
Flask-security Project Flask-security
NA
CVE-2024-25609
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 up to and including 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, whic...
5
CVSSv2
CVE-2014-7819
Multiple directory traversal vulnerabilities in server.rb in Sprockets prior to 2.0.5, 2.1.x prior to 2.1.4, 2.2.x prior to 2.2.3, 2.3.x prior to 2.3.3, 2.4.x prior to 2.4.6, 2.5.x prior to 2.5.1, 2.6.x and 2.7.x prior to 2.7.1, 2.8.x prior to 2.8.3, 2.9.x prior to 2.9.4, 2.10.x ...
Sprockets Project Sprockets 2.6.0
Sprockets Project Sprockets
Sprockets Project Sprockets 3.0.0
NA
CVE-2023-38346
An issue exists in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the func...
Windriver Vxworks 6.9
Windriver Vxworks 7.0
9.3
CVSSv2
CVE-2019-9686
pacman prior to 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given i...
Pacman Project Pacman
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »