CWE-177
10 CVEs classified under CWE-177. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-22037 | High | 8.4 | 2026-01-19 | The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middle… |
| CVE-2026-22031 | High | 8.4 | 2026-01-19 | @fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 wh… |
| CVE-2026-29045 | High | 7.5 | 2026-03-04 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based… |
| CVE-2026-6414 | Medium | 5.9 | 2026-04-16 | @fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before filesystem resolution, while Fastify's router treats them as l… |
| CVE-2025-11990 | Low | 3.1 | 2025-11-15 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated use… |
| CVE-2024-48866 | | | 2024-12-06 | An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnera… |
| CVE-2024-23983 | | | 2024-11-11 | Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules. |
| CVE-2022-3854 | | | 2023-03-06 | A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW… |
| CVE-2022-27780 | | | 2022-06-01 | The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wron… |
| CVE-2018-3718 | | | 2018-06-07 | serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. |