Total: 5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2026-34763 | 1 Rack | 1 Rack | 2026-04-16 | N/A | 5.3 MEDIUM | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, *, or ., the prefix stripping can fail and the generated directory listing may expose the full filesystem path in the HTML output. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6. |
| CVE-2026-34830 | 1 Rack | 1 Rack | 2026-04-16 | N/A | 5.9 MEDIUM | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfile#map_accel_path interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escaped, an attacker who can supply X-Accel-Mapping to the backend can inject regex metacharacters and control the generated X-Accel-Redirect response header. In deployments using Rack::Sendfile with x-accel-redirect, this can allow an attacker to cause nginx to serve unintended files from configured internal locations. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6. |
| CVE-2023-6544 | | | 2026-04-15 | N/A | 5.4 MEDIUM | A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized. |
| CVE-2026-32973 | 1 Openclaw | 1 Openclaw | 2026-03-30 | N/A | 9.8 CRITICAL | OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or paths not intended by operators. |
| CVE-2026-23651 | 1 Microsoft | 1 Aci Confidential Containers | 2026-03-16 | N/A | 6.7 MEDIUM | Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. |
