17434 matches found
CVE-2026-31981
A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...
CVE-2026-31982
An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...
CVE-2026-31982 Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0
An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...
CVE-2026-31982
The connected records identify CVE-2026-31982 as an Open Redirect vulnerability in SAML Single Sign-On affecting Guardian/CMC prior to version 26.2.0. The root cause is insufficient validation of a user-controlled redirection parameter in the SAML sign-in endpoint, enabling an unauthenticated att...
CVE-2026-31982
An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...
EUVD-2026-42532
An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...
CVE-2026-31981 HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0
A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...
EUVD-2026-42531
A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...
Gradio - Open Redirect
Gradio allows an open redirect bypass via URL encoding, enabling attackers to redirect users to malicious sites. This can lead to phishing attacks and loss of trust in the application. id: CVE-2024-8021 info: name: Gradio - Open Redirect author: DhiyaneshDK severity: medium description: | Gradio...
Moodle LTI module Reflected - Cross-Site Scripting
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
Stable Diffusion Webui 1.10.0 - Open Redirect
An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...
Odoo <= 8.0-20160726 & 9.0 - Open Redirect
An Open Redirect vulnerability in Odoo versions = 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL. id: CVE-2017-5871 info: name: Odoo = 8.0-20160726 & 9.0 - Open Redirect author: 1337rokudenashi severity: medium description: | An Open...
Gradio - Open Redirect
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...
EyouCMS 1.5.4 Open Redirect
EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function. id: CVE-2021-39501 info: name: EyouCMS 1.5.4 Open Redirect author: 0xAkoko severity: medium description: EyouCMS 1.5.4 is vulnerable to an Open Redirect...
Noptin < 1.6.5 - Open Redirect
Noptin 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the "to" parameter before redirecting the user to its given value, leading to an open redirect issue. id: CVE-2021-25033 info: name: Noptin 1.6.5 - Open Redirect author: dhiyaneshDk severity: medium...
Rudloff alltube prior to 3.0.1 - Open Redirect
An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1. id: CVE-2022-0692 info: name: Rudloff alltube prior to 3.0.1 - Open Redirect...
GLPI <9.4.6 - Open Redirect
GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. id: CVE-2020-11034 info: name: GLPI 9.4.6 - Open Redirect author: pikpikcu severity: medium description: GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. impact: | An attacker can exploit this...
TikiWiki CMS Groupware v8.3 - Open Redirect
tiki-featuredlink.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection id: CVE-2012-5321 info: name: TikiWiki CMS Groupware v8.3 - Open Redirect author: ctflearner severity:...
Forescout CounterACT 6.3.4.1 - Open Redirect
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter. id: CVE-2012-4982 info: name: Forescout CounterACT 6.3.4.1 - Open Redirect...
Fortinet FortiOS - Open Redirect/Cross-Site Scripting
FortiOS Web User Interface in 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting attacks via the "redirect" parameter to "login." id: CVE-2016-3978 info: name: Fortin...