9 vulnerabilities classified as CWE-177 (URL编码处理不恰当(Hex编码)). AI Chinese analysis included.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6414 | @fastify/static vulnerable to route guard bypass via encoded path separators — @fastify/static | 5.9 | Medium | 2026-04-16 |
| CVE-2026-29045 | Hono: Arbitrary file access via serveStatic vulnerability — hono | 7.5 | High | 2026-03-04 |
| CVE-2026-22037 | @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding) — fastify-express | 8.4 | High | 2026-01-19 |
| CVE-2026-22031 | Fastify Middie Middleware Path Bypass — middie | 8.4 | High | 2026-01-19 |
| CVE-2025-11990 | Improper Handling of URL Encoding (Hex Encoding) in GitLab — GitLab | 3.1 | Low | 2025-11-15 |
| CVE-2024-48866 | QTS, QuTS hero — QTS | 7.5 | - | 2024-12-06 |
| CVE-2022-3854 | Red Hat Ceph 安全漏洞 — ceph | 6.5 | - | 2023-03-06 |
| CVE-2022-27780 | curl 代码问题漏洞 — https://github.com/curl/curl | 7.5 | - | 2022-06-01 |
| CVE-2018-3718 | serve 安全漏洞 — serve node module | 7.5 | - | 2018-06-07 |
Vulnerabilities classified as CWE-177 (URL编码处理不恰当(Hex编码)) represent 9 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.