Lucene search
K

283 matches found

Nuclei
Nuclei
added yesterday21 views

Zimbra Collaboration Suite - Cross-site Scripting

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. id:...

6.1CVSS6.9AI score0.23717EPSS
Exploits2References2
OSV
OSV
added 2026/07/01 9:35 p.m.5 views

GHSA-JXPM-75MH-9FP7 oras-go blob upload vulnerable to credential forwarding via unvalidated Location header

Summary oras-go follows a registry-controlled Location header during the monolithic blob upload flow and reuses the Authorization header from the initial POST request for the subsequent PUT request. If a malicious registry returns a cross-host Location, oras-go can send the caller's credentials t...

7.5CVSS5.8AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/25 11:4 p.m.5 views

CVE-2026-44889

A flaw was found in WebOb, a library for HTTP requests and responses. A remote attacker could exploit this vulnerability by influencing the HTTP Location header during a redirect. Due to improper normalization of the Location header, specifically how certain ASCII characters are handled, an...

6.1CVSS6AI score0.00161EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-44889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an ope...

6.1CVSS6.5AI score0.00497EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/22 11:19 p.m.4 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the normalization of the HTTP Location header during redirects. An attacker can redirect users to an arbitrary external site by supplying specially crafted input containing ASCII tab, carriage return, or newline...

6.1CVSS5.9AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 10:16 p.m.3 views

DEBIAN-CVE-2026-44889

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1CVSS5.9AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 10:16 p.m.8 views

CVE-2026-44889

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1CVSS0.00161EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 10:16 p.m.5 views

UBUNTU-CVE-2026-44889

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1CVSS5.8AI score0.00161EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 9:30 p.m.26 views

CVE-2026-44889 WebOb: Location header normalization during redirect leads to open redirect

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:30 p.m.54 views

CVE-2026-44889

WebOb (HTTP request/response utilities) is affected prior to version 1.8.10 by an open redirect in Location header normalization during redirects. The vulnerability arises from how WebOb uses urljoin/urlsplit to combine the redirect target with the request URL; since Python 3.10, urlsplit strips ...

6.1CVSS5.9AI score0.00161EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 9:30 p.m.6 views

CVE-2026-44889

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1CVSS5.9AI score0.00161EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/18 6:54 p.m.20 views

CVE-2026-33244

A flaw was found in react-router. When using Framework Mode with pre-rendering enabled, an attacker can exploit improper handling of the HTTP Location header value. This can lead to Cross-Site Scripting XSS, allowing malicious scripts to be injected into statically generated HTML files if the...

5.4CVSS5.2AI score0.00144EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 12:28 p.m.8 views

OESA-2026-2679 python-webob security update

WebOb provides wrappers around the WSGI request environment, and an object to help create WSGI responses. The objects map much of the specified behavior of HTTP, including header parsing and accessors for other standard parts of the environment. Security Fixes: Impact When WebOb normalizes the HT...

6.1CVSS5.3AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 2:33 p.m.13 views

GHSA-FH3H-VG37-CC95 WebOb: Location header normalization during redirect leads to open redirect - again

Impact When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urllib.parse, and joining it to the base URL. urlsplit called internally by urljoin however treats a // at the start of a string ...

6.1CVSS5.7AI score0.00161EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/04 2:33 p.m.35 views

WebOb: Location header normalization during redirect leads to open redirect - again

Impact When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urllib.parse, and joining it to the base URL. urlsplit called internally by urljoin however treats a // at the start of a string ...

6.1CVSS5.7AI score0.00497EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46304

Name of the Vulnerable Software and Affected Versions WebOb versions prior to 1.8.10 Description An open redirect occurs when the software normalizes the HTTP Location header to include the request hostname. The process involves parsing the redirect URL using Python's urllib.parse and joining it ...

6.1CVSS5.3AI score0.00161EPSS
Exploits0References18
EUVD
EUVD
added 2026/06/03 8:33 p.m.15 views

EUVD-2026-33986

React Router has stored XSS via unescaped Location header in prerendered redirect HTML...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/03 8:33 p.m.15 views

React Router has stored XSS via unescaped Location header in prerendered redirect HTML

When using React Router v7 Framework Mode with Pre-rendering enabled, an improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in statically generated HTML files if the redirect location comes from an untrusted source. !NOTE This does not impact your React...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/03 8:33 p.m.13 views

GHSA-F22V-GFQF-P8F3 React Router has stored XSS via unescaped Location header in prerendered redirect HTML

When using React Router v7 Framework Mode with Pre-rendering enabled, an improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in statically generated HTML files if the redirect location comes from an untrusted source. !NOTE This does not impact your React...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:25 a.m.16 views

SUSE CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References3
Rows per page
Query Builder