Weaknesses of type CWE-180

14 results
CVE-2022-26136 | CRITICAL | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third p | EPSS 4.1%
CVE-2022-26137 | HIGH | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked w | EPSS 1.8%
CVE-2026-39364 | HIGH | Vite has a `server.fs.deny` bypass with queries | EPSS 1.7%
CVE-2025-43716 | MEDIUM | A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the /cli | EPSS 1.2%
CVE-2026-24895 | HIGH | FrankenPHP affected by Path Confusion via Unicode casing in CGI path splitting allows execution of arbitrary files | EPSS 0.6%
CVE-2026-27590 | HIGH | Caddy: Unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FastCGI transport | EPSS 0.5%
CVE-2025-29787 | HIGH | zip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File Write | EPSS 0.5%
CVE-2026-39409 | MEDIUM | Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses | EPSS 0.3%
CVE-2026-34475 | MEDIUM | Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / | EPSS 0.2%
CVE-2026-34786 | MEDIUM | Rack: Rack::Static header_rules bypass via URL-encoded paths | EPSS 0.2%
CVE-2026-42462 | HIGH | Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring | EPSS 0.2%
CVE-2026-45022 | HIGH | go-git: Improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git | EPSS 0.2%
CVE-2024-28607 | LOW | The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as glo | EPSS 0.1%
CVE-2025-33194 | MEDIUM | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A success | EPSS 0.1%