Lucene search
K

1394 matches found

NVD
NVD
added 11 hours ago5 views

CVE-2026-31981

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS
Exploits0References1
Cvelist
Cvelist
added 12 hours ago7 views

CVE-2026-31982 Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...

7.1CVSS
Exploits0References1
CVE
CVE
added 12 hours ago7 views

CVE-2026-31982

The connected records identify CVE-2026-31982 as an Open Redirect vulnerability in SAML Single Sign-On affecting Guardian/CMC prior to version 26.2.0. The root cause is insufficient validation of a user-controlled redirection parameter in the SAML sign-in endpoint, enabling an unauthenticated att...

7.1CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added 12 hours ago8 views

CVE-2026-31981 HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS
Exploits0References1
EUVD
EUVD
added 12 hours ago5 views

EUVD-2026-42531

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS6AI score
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-56283

Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endpoint that allows attackers to inject malicious HTML content. Attackers can craft payloads in the organization name field to redirect users to untrusted websites, enabling phishing attacks and...

5.4CVSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-42252

Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endpoint that allows attackers to inject malicious HTML content. Attackers can craft payloads in the organization name field to redirect users to untrusted websites, enabling phishing attacks and...

5.4CVSS6AI score
Exploits0References2
Patchstack
Patchstack
added 2026/07/01 7:59 p.m.4 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability

Missing Authorization to Unauthenticated Arbitrary Email Content Injection Mail Relay / Phishing vulnerability discovered by ? in WordPress Plugin Kirki versions = 6.0.11...

5.3CVSS5.8AI score0.00283EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40419

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 10:16 p.m.11 views

CVE-2026-58450

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 9:7 p.m.35 views

CVE-2026-58450 Invoice Ninja 5.13.26 - Open Redirect in Client Portal Login via intended Parameter

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53999

Name of the Vulnerable Software and Affected Versions Invoice Ninja versions prior to 5.13.27 Description An open redirect exists in the client portal login. Unauthenticated attackers can redirect authenticated users to external URLs by injecting a malicious value into the intended query paramete...

5.3CVSS6AI score0.00176EPSS
Exploits0References7
NVD
NVD
added 2026/06/25 3:16 p.m.10 views

CVE-2026-57533

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...

2.1CVSS0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:31 p.m.34 views

CVE-2026-57533

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...

2.1CVSS0.00248EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:31 p.m.13 views

CVE-2026-57533

Technical details (affected product/version/root cause/patch) are not publicly provided in the supplied documents. Monitor for updates.

2.1CVSS5.8AI score0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 11:16 p.m.8 views

CVE-2026-47693

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing...

6.9CVSS0.00229EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 10:7 p.m.28 views

CVE-2026-47693

CVE-2026-47693 details (Poweradmin) : Poweradmin, a web-based DNS admin tool for PowerDNS, is vulnerable to CSV Injection in its log export endpoints. User-supplied data (notably the username) is written to exported CSVs without sanitizing formula trigger characters (=, +, -, @). When an admin ex...

6.9CVSS5.9AI score0.00229EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 10:7 p.m.5 views

CVE-2026-47693

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing...

6.9CVSS5.9AI score0.00229EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 4:42 p.m.9 views

Gogs has an Open Redirect via redirect_to

Summary An open redirect vulnerability exists in Gogs where attacker-controlled redirectto parameters can bypass validation, allowing redirection to arbitrary external sites. Details All redirects in Gogs that are validated via the IsSameSite function are vulnerable: go func IsSameSiteurl string...

5.4CVSS5.9AI score0.00554EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/23 12:16 p.m.12 views

CVE-2026-4983

Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an extension with a maliciou...

5.4CVSS0.00226EPSS
Exploits1References1
Rows per page
Query Builder