CVEs classified under CWE-177, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2026-22037 — CVSS 8.4 (high): The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to…
CVE-2026-22031 — CVSS 8.4 (high): @fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior…
CVE-2026-29045 — CVSS 7.5 (high): Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic…
CVE-2022-3854 — CVSS 6.5 (medium): A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null…
CVE-2026-6414 — CVSS 5.9 (medium): @fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before filesystem resolution, while Fastify's…
CVE-2024-48866 — CVSS 5.3 (medium): An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If…
CVE-2018-3718 — CVSS 5.3 (medium): serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.