173 matches found
EUVD-2026-36874
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions...
CVE-2026-49067
CVE-2026-49067 : Unauthenticated SQL injection affecting the WordPress plugin “Advanced 301 and 302 Redirect” (versions
PT-2026-45978
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...
MiracleLinux 8 : e2fsprogs-1.45.4-3.el8 (AXSA:2020-302:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-302:02 advisory. e2fsprogs: crafted ext4 partition leads to out-of-bounds write CVE-2019-5094 Tenable has extracted the preceding description block directly from the...
CVE-2022-37033
In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no...
CVE-2022-26158
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlle...
New API Code Issue Vulnerability
New API is a QuantumNous open source interface software. A code issue vulnerability exists in versions of New API prior to 0.9.6 that stems from an incomplete SSRF fix and a 302 redirect to bypass security restrictions...
Slackware Linux 15.0 / current tigervnc Multiple Vulnerabilities (SSA:2025-302-02)
The version of tigervnc installed on the remote host is prior to 1.12.0 / 1.15.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-302-02 advisory. New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted...
EUVD-2020-9418
Malware in sbrugna...
EUVD-2024-23555
Malicious code in bioql PyPI...
EUVD-2023-26737
Malicious code in bioql PyPI...
EUVD-2023-26736
Malicious code in bioql PyPI...
EUVD-2023-26738
Malicious code in bioql PyPI...
CVE-2023-47549
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions...
CVE-2023-22599
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These...
CVE-2020-17466
Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses...
urllib3: Request body not stripped after redirect from 303 status changes request method to GET
A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...
CVE-2020-26308 GHSL-2020-302: Regular Expression Denial of Service (ReDoS) in validate.js
Validate.js provides a declarative way of validating JavaScript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available...
Withdrawn Advisory: Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
Withdrawn Advisory: This advisory has been withdrawn because the underlying issue existed in Weights and Biases's backend server code, not the software development kit included in the wandb PyPI package, as originally reported. This link is maintained to preserve external references. Original...