977215 matches found
EUVD-2026-22188
Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality...
EUVD-2025-13498
Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions...
Prometheus - Open Redirect
Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and...
DataEase - Remote Code Execution
DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection...
Submitty <= 20.04.01 - Open Redirect
Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-13121...
AWStats < 6.95 - Open Redirect
An open redirect vulnerability in awredir.pl in AWStats 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. id: CVE-2009-5020 info: name: AWStats 6.95 - Open Redirect author: pdteam severity: medium description: An open...
WordPress Pie Register <3.8.2.3 - Open Redirect
WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute...
Mosparo < 1.0.2 - Open Redirect
Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. id: CVE-2023-5375 info: name: Mosparo 1.0.2 - Open Redirect author: shankaracharya severity: medium description: | Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. impact: | Unauthenticated attackers can exploit...
Ruby on Rails - Open Redirect via Host Header Injection
Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...
Alfresco Share - Open Redirect
Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-14223 info: name:...
HomeAutomation 3.3.2 - Open Redirect
HomeAutomation 3.3.2 contains a redirect vulnerability caused by improper verification of the 'redirect' GET parameter in 'api.php', letting attackers redirect users to arbitrary websites, exploit requires user interaction with a crafted link. id: CVE-2020-21998 info: name: HomeAutomation 3.3.2 -...
Open Automation Software OAS Platform V16.00.0121 - Missing Authentication
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...
Gitea <1.16.5 - Open Redirect
Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-1058 info: name: Gitea 1.16.5 - Open Redire...
IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect
An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. id: CVE-2023-40779 info: name: IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect author: r3Y3r53 severity: medium description: | An issue in...
GnuBoard5 5.5.16 - Open Redirect
Gnuboard5 5.5.16 contains an open redirect vulnerability caused by insufficient URL parameter verification in bbs/logout.php, letting remote attackers redirect users to arbitrary URLs, exploit requires crafted URL parameter. id: CVE-2024-37656 info: name: GnuBoard5 5.5.16 - Open Redirect author:...
GetSimple CMS 3.3.13 - Open Redirect
GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-9915 info: name: GetSimple CMS...
Nova noVNC - Open Redirect
Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-3654 info: name: Nova noVNC - Open Redirect author: geeknik severity: medium...
XWiki - Open Redirect
XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0. id: CVE-2023-32068 info: name: XWiki - Open Redirect author:...
GO-2026-5924 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps in github.com/coder/coder
Coder's session token leaked to arbitrary hosts via coder open app for external workspace apps in github.com/coder/coder...
GO-2026-5908 Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass in github.com/coder/coder
Coder vulnerable to OIDC account takeover via email-based user matching and emailverified bypass in github.com/coder/coder...