Linux Distros Unpatched Vulnerability : CVE-2016-5739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content...
K000152958: Curl vulnerability CVE-2021-22876
Security Advisory Description curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the...
CVE-2025-54783
CVE-2025-54783 affects SuiteCRM up to version 7.14.6, with a reflected XSS vulnerability triggered by modifying the HTTP Referer header to inject JavaScript. The server may block the domain but still execute the injected script. Remediation is to upgrade to SuiteCRM 7.14.7 or later. No exploitati...
SuiteCRM Cross-Site Scripting Vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. A cross-site scripting vulnerability exists in SuiteCRM 7.14.6 and earlier versions, which stems from a modification to the HTTP Referer header that could lead to a reflected cross-site scripting attack...
SeoToaster 2.5.0 Open Redirection
SeoToaster version 2.5.0 suffers from an open redirection vulnerability. Exploit Title: Open Redirect "Login Page" Functionality - seotoasterv2.5.0 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 2.5.0 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Open Redirect "Login Page"...
WordPress plugin Nginx Cache Purge Preload Code Injection Vulnerability
WordPress Nginx Cache Purge Preload plugin is a plugin for optimizing the loading speed of your website. The WordPress Nginx Cache Purge Preload plugin suffers from a code injection vulnerability that stems from insufficient cleanup of the HTTPREFERERER parameter in the nppppreloadcacheonupdate...
CVE-2024-51979
An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631. The malformed request will contain an empty Origin header value and a malformed Referer...
CVE-2023-38066
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads...
CVE-2023-24070
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field...
CVE-2022-25196
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...
CVE-2021-24917
The WPS Hide Login WordPress plugin before 1.9.1 has a bug that allows an unauthenticated user to obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php...
CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding except in Internet...
CVE-2020-20285
There is an XSS in the user login page in zzcms 2019. Users can inject JS code through the Referer header via user/login.php...
CVE-2014-8301
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header...
CVE-2019-6726
The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastestcache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header...
CVE-2017-14193
The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...
CVE-2015-9273
The wp-slimstat aka Slimstat Analytics plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking...
CVE-2015-9314
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header...