1098 matches found
EUVD-2026-43083
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...
CVE-2026-55806
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...
CVE-2026-55806
CVE-2026-55806 affects Drupal core and is caused by a flaw in the rebuild.php front controller’s Host header validation, enabling an open redirect and related cache-poisoning risks. Affected versions include Drupal core 10.5.x before 10.5.12, 10.6.x before 10.6.11, 11.2.x before 11.2.14, and 11.3...
CVE-2026-55806 Drupal core - Less critical - Cache poisoning and open redirect - SA-CORE-2026-007
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...
CVE-2026-55806 Drupal core - Less critical - Cache poisoning and open redirect - SA-CORE-2026-007
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...
CVE-2026-34258 Content Spoofing vulnerability in SAPUI5 (Search UI)
SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...
CVE-2026-34258
SAPUI5 (Search UI) is affected by CVE-2026-34258. An unauthenticated attacker can manipulate specific URL parameters in the Search UI to deliver attacker-controlled content, potentially misleading users into clicking on pages rendered by the application. Impact is confined to confidentiality (low...
CVE-2026-34258 Content Spoofing vulnerability in SAPUI5 (Search UI)
SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...
CVE-2026-42857
Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer cleanthreadhtmlbody used for discussion notification emails fails to remove tags from user-generated discussion post content. This content is rendered with Django's |safe template filter in...
EUVD-2026-29165
Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer cleanthreadhtmlbody used for discussion notification emails fails to remove tags from user-generated discussion post content. This content is rendered with Django's |safe template filter in...
PT-2026-39712
Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean thread html body used for discussion notification emails fails to remove tags from user-generated discussion post content. This content is rendered with Django's |safe template filter in...
SUSE CVE-2026-27116
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...
CVE-2026-33173 Rails Active Storage has possible content type bypass via metadata in direct uploads
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the...
CVE-2026-27116
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...
GHSA-4QGR-4H56-8895 Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module
Summary Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are...
CVE-2026-27116
Vikunja has a reflected HTML injection in the Projects module prior to version 2.0.0: the URL parameter filter is rendered into the DOM without output encoding when clicking “Filter.” Scripts/iframes are blocked, but SVG, links, and formatting tags may render, enabling SVG-based phishing buttons,...
Vikunja 安全漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the filter parameters in the Projects module being rendered into the DOM without proper encoding, which could lead...
PT-2026-22026
Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.0.0 Description Vikunja, a self-hosted task management platform, has a reflected HTML injection issue in the Projects module. The filter URL parameter is rendered into the DOM without proper output encoding when a...
CVE-2026-1658 Content spoofing vulnerability discovered in OpenText™ Directory Services
User Interface UI Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...
CVE-2026-1658 Content spoofing vulnerability discovered in OpenText™ Directory Services
User Interface UI Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...