Lucene search
K

977215 matches found

EUVD
EUVD
added yesterday10 views

EUVD-2026-22188

Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality...

4.3CVSS5.9AI score0.00227EPSS
Exploits1References2
EUVD
EUVD
added yesterday6 views

EUVD-2025-13498

Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions...

6.4CVSS5.9AI score0.00434EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday46 views

Prometheus - Open Redirect

Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and...

6.5CVSS6.5AI score0.1956EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday34 views

DataEase - Remote Code Execution

DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection...

9.8CVSS6AI score0.41835EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday25 views

Submitty <= 20.04.01 - Open Redirect

Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-13121...

6.1CVSS6.3AI score0.03518EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday86 views

AWStats < 6.95 - Open Redirect

An open redirect vulnerability in awredir.pl in AWStats 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. id: CVE-2009-5020 info: name: AWStats 6.95 - Open Redirect author: pdteam severity: medium description: An open...

5.8CVSS6.1AI score0.03488EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday81 views

WordPress Pie Register <3.8.2.3 - Open Redirect

WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute...

5.4CVSS6.4AI score0.24263EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday66 views

Mosparo < 1.0.2 - Open Redirect

Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. id: CVE-2023-5375 info: name: Mosparo 1.0.2 - Open Redirect author: shankaracharya severity: medium description: | Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. impact: | Unauthenticated attackers can exploit...

6.1CVSS6AI score0.33629EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday25 views

Ruby on Rails - Open Redirect via Host Header Injection

Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...

6.1CVSS6.6AI score0.87301EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday43 views

Alfresco Share - Open Redirect

Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-14223 info: name:...

6.1CVSS6.4AI score0.04474EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday11 views

HomeAutomation 3.3.2 - Open Redirect

HomeAutomation 3.3.2 contains a redirect vulnerability caused by improper verification of the 'redirect' GET parameter in 'api.php', letting attackers redirect users to arbitrary websites, exploit requires user interaction with a crafted link. id: CVE-2020-21998 info: name: HomeAutomation 3.3.2 -...

6.1CVSS6.5AI score0.01319EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday72 views

Open Automation Software OAS Platform V16.00.0121 - Missing Authentication

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4CVSS7.2AI score0.37606EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday59 views

Gitea <1.16.5 - Open Redirect

Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-1058 info: name: Gitea 1.16.5 - Open Redire...

7.2CVSS6.6AI score0.53177EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday94 views

IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. id: CVE-2023-40779 info: name: IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect author: r3Y3r53 severity: medium description: | An issue in...

6.1CVSS6.8AI score0.01355EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday11 views

GnuBoard5 5.5.16 - Open Redirect

Gnuboard5 5.5.16 contains an open redirect vulnerability caused by insufficient URL parameter verification in bbs/logout.php, letting remote attackers redirect users to arbitrary URLs, exploit requires crafted URL parameter. id: CVE-2024-37656 info: name: GnuBoard5 5.5.16 - Open Redirect author:...

6.1CVSS6.1AI score0.00494EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday48 views

GetSimple CMS 3.3.13 - Open Redirect

GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-9915 info: name: GetSimple CMS...

6.1CVSS6.3AI score0.03626EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday96 views

Nova noVNC - Open Redirect

Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-3654 info: name: Nova noVNC - Open Redirect author: geeknik severity: medium...

6.1CVSS6.8AI score0.26792EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday64 views

XWiki - Open Redirect

XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0. id: CVE-2023-32068 info: name: XWiki - Open Redirect author:...

6.1CVSS6.5AI score0.5507EPSS
Exploits0References2
OSV
OSV
added yesterday5 views

GO-2026-5924 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps in github.com/coder/coder

Coder's session token leaked to arbitrary hosts via coder open app for external workspace apps in github.com/coder/coder...

7.7CVSS6AI score
Exploits0References2
OSV
OSV
added yesterday3 views

GO-2026-5908 Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass in github.com/coder/coder

Coder vulnerable to OIDC account takeover via email-based user matching and emailverified bypass in github.com/coder/coder...

7.4CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder