150 matches found
Benchmarking Large Language Models for Zero-Shot and Few-Shot Phishing URL Detection
The Uniform Resource Locator URL, introduced in a connectivity-first era to define access and locate resources, remains historically limited, lacking future-proof mechanisms for security, trust, or resilience against fraud and abuse, despite the introduction of reactive protections like HTTPS...
CVE-2026-23846
CVE-2026-23846 — Tugtainer password exposure : Tugtainer (self-hosted Docker updater) before version 1.16.1 transmits passwords via URL query parameters instead of the HTTP request body. This enables passwords to be logged in server access logs and potentially exposed through browser history, Ref...
CVE-2026-1002
The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...
UBUNTU-CVE-2026-22610
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting XSS vulnerability has been identified in the Angular Template Compiler. The...
CVE-2019-25251
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xmlurl'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP...
Path Traversal
esm.sh is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of user-supplied URL components allowing path-traversal and file-scheme requests by which an attacker can craft specially-formed requests that cause the server to read and return arbitrary local files or oth...
Clear2Pay Bank Visibility Application - Payment Execution 安全漏洞
Clear2Pay Bank Visibility Application - Payment Execution is a financial software component from Clear2Pay Belgium. A security vulnerability exists in Clear2Pay Bank Visibility Application - Payment Execution version 1.10.0.104, which originates from an unvalidated ID parameter in the URL and cou...
EUVD-2025-25175
Malicious code in bioql PyPI...
EUVD-2025-25693
Malicious code in bioql PyPI...
EUVD-2025-25229
Malicious code in bioql PyPI...
requests: Requests vulnerable to .netrc credentials leak via malicious URLs
A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue...
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.
...
CVE-2023-21481
Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information...
Linux Distros Unpatched Vulnerability : CVE-2020-15693
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part o...
Improper Input Validation
github.com/grafana/grafana-infinity-datasource is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of allowed URL restrictions, which allows an attacker to bypass configured URL checks using a specially crafted URL...
Improper Input Validation
org.apache.zeppelin, zeppelin-jdbc is vulnerable to Improper Input Validation. The vulnerability is due to incomplete JDBC URL validation that failed to handle URL encoded input, which allows an attacker to bypass validation checks and potentially exploit database connections...
CVE-2025-55706
URL redirection to untrusted site 'Open Redirect' issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL...
Linux Distros Unpatched Vulnerability : CVE-2022-33980
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolatio...
CVE-2025-54145
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme This vulnerability affects Firefox for iOS 141...
CVE-2025-4044 XML External Entity Injection vulnerability in various Lexmark Universal Drivers
Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL...