GitHub

Security Constraint Bypass via Null Byte Injection in FalkorDB v4.14.8

FalkorDB contains a vulnerability in its Cypher query parser where the null byte (\x00) is incorrectly interpreted as a string terminator. This behavior allows an attacker to truncate the query string ...
GitHub

ryanmroth/Orbit-Fox_SSRF_CVE-2025-10874

Proof of concept exploit demonstrating Server-Side Request Forgery (SSRF) vulnerability in the Orbit Fox WordPress plugin with null byte injection bypass. The Orbit Fox plugin's MyStock import ...
Business Insider

How Null Byte Injections Work: A History of Our Namesake

In this Null Byte, I'm going to teach you about Null Byte Injections. Null Bytes are an older exploit. It works by injecting a "Null Character" into a URL to alter string termination and get ...
TechRadar

Hackers are exploiting a critical RCE Flaw in a popular FTP server — here's what you need to know

Hackers launched attacks just one day after the flaw’s full technical write-up was made public Many servers stayed vulnerable for weeks despite a fix being released long before the disclosure Null ...
heise online

Secure coding: Prevent unauthorized access through path traversal (CWE-22)

Common Weakness Enumeration CWE-22, commonly referred to as "path traversal", is a vulnerability in which an application does not appropriately restrict the paths that users can access via ...