6 vulnerabilities classified as CWE-647 (Use of Non-Canonical URL Paths for Authorization Decisions). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-9909 | Aap-gateway: improper path validation in gateway allows credential exfiltration — Red Hat Ansible Automation Platform 2.5 for RHEL 8 | 6.7 | Medium | 2026-02-27 |
| CVE-2025-66202 | Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765 — astro | 6.5 | Medium | 2025-12-08 |
| CVE-2025-64500 | Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass — symfony | 7.3 | High | 2025-11-12 |
| CVE-2025-47241 | Browser Use security vulnerability — browser-use | 4.0 | Medium | 2025-05-03 |
| CVE-2025-43916 | Sonos api.sonos.com security vulnerability — api.sonos.com | 3.4 | Low | 2025-04-21 |
| CVE-2022-43939 | Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions — Pentaho Business Analytics Server | 8.6 | High | 2023-04-03 |

6 CVEs are classified as CWE-647 (Use of Non-Canonical URL Paths for Authorization Decisions). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.