Pooya Parsa

7 exploits Active since Dec 2022
CVE-2026-33732 WRITEUP MEDIUM WRITEUP
srvx is vulnerable to middleware bypass via absolute URI in request line
srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's `FastURL` allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme (e.g. `file://`). Starting in version 0.11.13, the `FastURL` constructor now deopts to native `URL` for any string not starting with `/`, ensuring consistent pathname resolution.
CVSS 4.8
CVE-2026-33128 WRITEUP HIGH WRITEUP
h3 Event Stream Fields - Server-Sent Events Injection
H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization in formatEventStreamMessage() and formatEventStreamComment(). An attacker who controls any part of an SSE message field (id, event, data, or comment) can inject arbitrary SSE events to connected clients. This issue is fixed in versions 1.15.6 and 2.0.1-rc.15.
CVSS 7.5
CVE-2022-4413 WRITEUP MEDIUM WRITEUP
nuxt/framework - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13.
CVSS 6.1
CVE-2022-4414 WRITEUP MEDIUM WRITEUP
nuxt/framework - DOM-based Cross-Site Scripting
Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13.
CVSS 6.1
CVE-2025-54387 WRITEUP CRITICAL WRITEUP
unjs/ipx <1.3.2, 2.0.0-2.1.0, 3.0.0-3.1.0 - Path Traversal via Path Prefix Bypass
IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. This is fixed in versions 1.3.2, 2.1.1 and 3.1.1.
CVSS 9.8
CVE-2025-69874 WRITEUP CRITICAL WRITEUP
nanotar <= 0.2.0 - Path Traversal and Arbitrary File Write via Crafted Tar Archive
nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.
CVSS 9.8
CVE-2026-23527 WRITEUP HIGH WRITEUP
h3 < 1.15.5 - HTTP Request Smuggling via Transfer-Encoding Header Case Mismatch
H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this header should be case-insensitive. This vulnerability is fixed in 1.15.5.
CVSS 8.9