CWE-647 vulnerabilities
7 results

CVE-2022-43939 | HIGH | Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions | EPSS 92.3% | KEV
CVE-2025-64500 | HIGH | Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass | EPSS 1.3%
CVE-2025-47241 | MEDIUM | In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority | EPSS 0.4%
CVE-2026-5222 | LOW | Cargo can be coerced to share credentials between registries | EPSS 0.3%
CVE-2025-66202 | MEDIUM | Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765 | EPSS 0.3%
CVE-2025-43916 | LOW | Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authori | EPSS 0.2%
CVE-2025-9909 | MEDIUM | Aap-gateway: improper path validation in gateway allows credential exfiltration | EPSS 0.2%