Lucene search
K

1098 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43083

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

6.1AI score0.00133EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-55806

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

5.9CVSS0.00133EPSS
Exploits0References1
CVE
CVE
added 4 days ago445 views

CVE-2026-55806

CVE-2026-55806 affects Drupal core and is caused by a flaw in the rebuild.php front controller’s Host header validation, enabling an open redirect and related cache-poisoning risks. Affected versions include Drupal core 10.5.x before 10.5.12, 10.6.x before 10.6.11, 11.2.x before 11.2.14, and 11.3...

5.9CVSS6.1AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-55806 Drupal core - Less critical - Cache poisoning and open redirect - SA-CORE-2026-007

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

0.00133EPSS
Exploits0References1
OSV
OSV
added 4 days ago4 views

CVE-2026-55806 Drupal core - Less critical - Cache poisoning and open redirect - SA-CORE-2026-007

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

5.9CVSS6.1AI score0.00133EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/12 2:19 a.m.11 views

CVE-2026-34258 Content Spoofing vulnerability in SAPUI5 (Search UI)

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS5.8AI score0.00249EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 2:19 a.m.19 views

CVE-2026-34258

SAPUI5 (Search UI) is affected by CVE-2026-34258. An unauthenticated attacker can manipulate specific URL parameters in the Search UI to deliver attacker-controlled content, potentially misleading users into clicking on pages rendered by the application. Impact is confined to confidentiality (low...

4.7CVSS5.8AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 2:19 a.m.39 views

CVE-2026-34258 Content Spoofing vulnerability in SAPUI5 (Search UI)

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS0.00249EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 6:16 p.m.34 views

CVE-2026-42857

Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer cleanthreadhtmlbody used for discussion notification emails fails to remove tags from user-generated discussion post content. This content is rendered with Django's |safe template filter in...

5.4CVSS0.0021EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/11 5:32 p.m.12 views

EUVD-2026-29165

Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer cleanthreadhtmlbody used for discussion notification emails fails to remove tags from user-generated discussion post content. This content is rendered with Django's |safe template filter in...

4.6CVSS5.9AI score0.0021EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.17 views

PT-2026-39712

Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean thread html body used for discussion notification emails fails to remove tags from user-generated discussion post content. This content is rendered with Django's |safe template filter in...

4.6CVSS5.9AI score0.0021EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:27 a.m.5 views

SUSE CVE-2026-27116

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

6.1CVSS5.9AI score0.00221EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/23 11:21 p.m.25 views

CVE-2026-33173 Rails Active Storage has possible content type bypass via metadata in direct uploads

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the...

5.3CVSS0.0039EPSS
Exploits0References7
NVD
NVD
added 2026/02/25 10:16 p.m.11 views

CVE-2026-27116

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

6.1CVSS0.00221EPSS
Exploits1References2
OSV
OSV
added 2026/02/25 10:1 p.m.3 views

GHSA-4QGR-4H56-8895 Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module

Summary Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are...

6.1CVSS5.8AI score0.00221EPSS
Exploits1References7
CVE
CVE
added 2026/02/25 9:33 p.m.23 views

CVE-2026-27116

Vikunja has a reflected HTML injection in the Projects module prior to version 2.0.0: the URL parameter filter is rendered into the DOM without output encoding when clicking “Filter.” Scripts/iframes are blocked, but SVG, links, and formatting tags may render, enabling SVG-based phishing buttons,...

6.1CVSS5.4AI score0.00221EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.12 views

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the filter parameters in the Projects module being rendered into the DOM without proper encoding, which could lead...

6.1CVSS7.3AI score0.00221EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.10 views

PT-2026-22026

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.0.0 Description Vikunja, a self-hosted task management platform, has a reflected HTML injection issue in the Projects module. The filter URL parameter is rendered into the DOM without proper output encoding when a...

9.9CVSS5.4AI score0.22162EPSS
Exploits70References140
Vulnrichment
Vulnrichment
added 2026/02/19 10:40 p.m.7 views

CVE-2026-1658 Content spoofing vulnerability discovered in OpenText™ Directory Services

User Interface UI Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...

5.3CVSS5.9AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 10:40 p.m.26 views

CVE-2026-1658 Content spoofing vulnerability discovered in OpenText™ Directory Services

User Interface UI Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...

5.3CVSS0.00242EPSS
Exploits0References1
Rows per page
Query Builder