Lucene search
K

42268 matches found

Nuclei
Nuclei
added yesterday69 views

Telaen => v1.3.1 - Open Redirect

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. id: CVE-2013-2621 info: name: Telaen = v1.3.1 - Open Redirect author: ctflearner severity: medium description: | Open Redirection...

6.1CVSS6.5AI score0.10692EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday67 views

OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

5.4CVSS6.2AI score0.01027EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday72 views

WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting

WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard. id: CVE-2022-2599 info: name: WordPress Anti-Malware Security an...

6.1CVSS6.4AI score0.0102EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday74 views

WordPress AcyMailing <7.5.0 - Open Redirect

WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user. id: CVE-2021-24288...

6.1CVSS6.4AI score0.01939EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday117 views

Cisco Small Business 200,300 and 500 Series Switches - Open Redirect

Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-1943 info: name: Cisco Small...

6.1CVSS6.3AI score0.1051EPSS
Exploits3References4
Nuclei
Nuclei
added yesterday47 views

DotCMS < 5.0.2 - Open Redirect

dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify...

6.1CVSS6.4AI score0.03717EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday50 views

GetSimple CMS 3.3.13 - Open Redirect

GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-9915 info: name: GetSimple CMS...

6.1CVSS6.4AI score0.03626EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday183 views

Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. id: CVE-2019-10098 info: name: Apache HTTP server v2.4.0 to v2.4.39 - Open...

6.1CVSS6.7AI score0.73981EPSS
Exploits1References6
Nuclei
Nuclei
added yesterday69 views

Rudloff alltube prior to 3.0.1 - Open Redirect

An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1. id: CVE-2022-0692 info: name: Rudloff alltube prior to 3.0.1 - Open Redirect...

6.1CVSS6.2AI score0.03378EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday23 views

Orange Forum 1.4.0 - Open Redirect

Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-14474 info: nam...

6.1CVSS6.4AI score0.02257EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday27 views

OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect

OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2017-14524 info: name: OpenText...

6.1CVSS6.4AI score0.0294EPSS
Exploits2References5
Circl
Circl
added yesterday5 views

CVE-2026-11567

creationtimestamp| type| source ---|---|--- 2026-07-14 06:39:52+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqllwpvip62s 2026-07-14 09:23:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqlv2n25xx27...

5.9CVSS6.1AI score0.00136EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in @cw-ui/micro-ui-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b558c8d90850ea9817e236b445ba2bc1020a35a81a099a5e1575ef705b00bd39 On npm install, postinstall.js reads the installer's hostname via os.hostname and sends it as a query parameter to a hardcoded bare-IP HTTP endpoint:...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in node-fsmetrics-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9958558a30dea32a3b0fc2e48bb775433e1f12b339030a8d21872ad058bc28ff On require, index.js hex-decodes the URL http://152.53.120.90/cmd and starts a background loop that polls /cmd/commands, executes returned strings vi...

6.1AI score
Exploits0References2
OSV
OSV
added 2 days ago5 views

MAL-2026-10474 Malicious code in @dervix/engine.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 118dd8f5224b1dcccddf25d74c6c9fe3543b444173ea293dafa28154e82689d5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References7
Circl
Circl
added 2 days ago6 views

CVE-2026-6875

creationtimestamp| type| source ---|---|--- 2026-07-13 18:47:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqke4twobm25 2026-07-13 19:37:52+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqkgwy6vga2p 2026-07-13 19:50:05+00:00| seen|...

9.5CVSS6.1AI score0.00509EPSS
Exploits0References11
NVD
NVD
added 2 days ago3 views

CVE-2026-57691

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eli Anti-Malware Security and Brute-Force Firewall gotmls allows Reflected XSS.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through = 4.23.89...

5.8CVSS0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57691 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.89 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eli Anti-Malware Security and Brute-Force Firewall gotmls allows Reflected XSS.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through = 4.23.89...

5.8CVSS0.00153EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-57691

CVE-2026-57691 concerns a Reflected Cross-Site Scripting (XSS) in the WordPress plugin WordPress Anti-Malware Security and Brute-Force Firewall (gotmls) ≤ 4.23.89. The root cause is improper neutralization of input during web page generation. Affected software is the Anti-Malware Security and Bru...

5.8CVSS6.1AI score0.00153EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago7 views

Malicious code in prettier-plugin-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e4c522699877c1eca1bb9c838a443e3c4bfa21950cf5c5b1d23182ae91a534e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Rows per page
Query Builder