33 matches found

CVE
added 2026/05/22 3:24 p.m. | 20 views

CVE-2026-9245

CVE-2026-9245 describes an improper input validation vulnerability in the external authentication provider flow of Devolutions Server. An unauthenticated remote attacker can coerce victims of Devolutions Server 2026.1.6.0–2026.1.16.0 and 2025.3.20.0 and earlier to be redirected to an attacker‑con...

CVSS 5 | AI score 5.8 | EPSS 0.00064
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2026/05/12 3:31 a.m. | 5 views

EUVD-2026-29364

SAP TAFAPPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker-controlled sites, potentially exposing or altering sensitive information in the victim's browser. This results in a low impact on...

CVSS 6.1 | AI score 5.8 | EPSS 0.00026
Exploits 0 | References 3
ATTACKERKB
added 2026/05/12 2:23 a.m. | 4 views

CVE-2026-40137

SAP TAFAPPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker-controlled sites, potentially exposing or altering sensitive information in the victim's browser. This results in a low impact on...

CVSS 6.1 | AI score 5.8 | EPSS 0.00026
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2026/04/22 12:0 a.m. | 3 views

uutils coreutils link following vulnerability

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. uutils coreutils has a link following vulnerability, which stems from a race condition. This vulnerability could allow attackers to bypass the intended references, enabling the privileged cp process to cop...

CVSS 4.7 | AI score 5.9 | EPSS 0.00024
Exploits 1 | References 1
OSV
added 2026/04/08 8:40 a.m. | 2 views

BIT-JUPYTERHUB-2026-33709 JupyterHub has an Open Redirect Vulnerability

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an...

CVSS 6.1 | AI score 5.8 | EPSS 0.00014
Exploits 0 | References 3
EUVD
added 2026/03/10 6:46 p.m. | 3 views

EUVD-2026-10789

MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

CVSS 8.2 | AI score 5.9 | EPSS 0.00088
Exploits 1 | References 2
RedhatCVE
added 2026/02/11 7:30 a.m. | 3 views

CVE-2026-0505

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the...

CVSS 6.1 | AI score 5.5 | EPSS 0.00034
Exploits 0 | References 1
NVD
added 2026/02/10 4:16 a.m. | 4 views

CVE-2026-24328

SAP TAFAPPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker-controlled sites, potentially exposing or altering sensitive information in the victim's browser. This results in a low impact on...

CVSS 6.1 | EPSS 0.0009
Exploits 0 | References 2
OSV
added 2026/02/10 4:16 a.m. | 1 views

CVE-2026-0505

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the...

CVSS 6.1 | AI score 5.8
Exploits 0 | References 2
Cvelist
added 2026/02/10 3:4 a.m. | 24 views

CVE-2026-24328 Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)

SAP TAFAPPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker-controlled sites, potentially exposing or altering sensitive information in the victim's browser. This results in a low impact on...

CVSS 6.1 | EPSS 0.0009
Exploits 0 | References 2
CNNVD
added 2026/02/10 12:0 a.m. | 2 views

SAP Business Server Pages Application input validation error vulnerability

SAP Business Server Pages Application is a web application framework developed by the German company SAP. There is an input validation vulnerability in SAP Business Server Pages Application, which allows for the creation of malicious links that may lead to redirection to sites controlled by...

CVSS 6.1 | AI score 5.8 | EPSS 0.0009
Exploits 0 | References 3
Positive Technologies
added 2026/02/10 12:0 a.m. | 4 views

PT-2026-7227

Name of the Vulnerable Software and Affected Versions: SAP (affected versions not specified). Description: An unauthenticated attacker can create malicious links. Clicking these links by a victim redirects them to attacker-controlled sites, potentially exposing or altering sensitive information within...

CVSS 6.1 | AI score 5.4 | EPSS 0.0009
Exploits 0 | References 6
CNNVD
added 2026/02/10 12:0 a.m. | 2 views

SAP E-Recruiting BSP cross-site scripting vulnerability

SAP E-Recruiting BSP is a recruitment process management module provided by the German company SAP. SAP E-Recruiting BSP has a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of user-controlled URL parameters, which may lead to unvalidated redirections to...

CVSS 6.1 | AI score 5.6 | EPSS 0.00034
Exploits 0 | References 3
Positive Technologies
added 2026/02/10 12:0 a.m. | 5 views

PT-2026-7205

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the...

CVSS 6.1 | AI score 5.5 | EPSS 0.00034
Exploits 0 | References 3
Vulnrichment
added 2026/02/03 10:52 a.m. | 2 views

CVE-2025-67852 Moodle: moodle: open redirect vulnerability in oauth login flow allows redirection to malicious sites.

A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing...

CVSS 3.5 | AI score 5.5 | EPSS 0.00015
Exploits 0 | References 2
NVD
added 2026/01/13 2:15 a.m. | 9 views

CVE-2026-0514

Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to...

CVSS 6.1 | EPSS 0.00171
Exploits 0 | References 2
NVD
added 2026/01/13 2:15 a.m. | 3 views

CVE-2026-0513

Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site. This causes low impact on integrity of the application...

CVSS 4.7 | EPSS 0.00138
Exploits 0 | References 2
OSV
added 2026/01/08 2:15 a.m. | 3 views

DEBIAN-CVE-2026-21879

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the...

CVSS 6.1 | AI score 5.3 | EPSS 0.00065
Exploits 2 | References 1
Positive Technologies
added 2025/12/11 12:0 a.m. | 4 views

PT-2025-50562

Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect url as safe when url.Parse....IsAbs is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to...

CVSS 5.3 | AI score 6.7 | EPSS 0.00045
Exploits 1 | References 3
CVE
added 2025/11/11 12:17 a.m. | 8 views

CVE-2025-42893

The CVE-2025-42893 issue is an Open Redirect in SAP Business Connector. An unauthenticated attacker can craft a URL that, when visited by a victim, redirects to an attacker-controlled site displayed in an embedded frame. This can lead to disclosure of sensitive information and unauthorized action...

CVSS 6.1 | AI score 6.1 | EPSS 0.00088
Exploits 0 | References 2 | Affected Software 1