Lucene search
+L

61 matches found

Vulnrichment
Vulnrichment
added 2024/09/30 3:17 p.m.16 views

CVE-2024-47530 Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lac...

5.4CVSS6.6AI score0.00371EPSS
Exploits1References2
OSV
OSV
added 2024/09/30 3:17 p.m.21 views

CVE-2024-47530 Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lac...

5.4CVSS6.3AI score0.00371EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2023/06/27 6:52 p.m.12 views

RHSSO: XSS due to lax URI scheme validation

Keycloak, an open-source identity and access management solution, has a cross-site scripting XSS vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirecturi...

10CVSS5.7AI score0.00626EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/06/27 12:0 a.m.36 views

RHEL 8 : Red Hat Single Sign-On 7.6.4 security update on RHEL 8 (Important) (RHSA-2023:3884)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3884 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

10CVSS6.5AI score0.01771EPSS
Exploits0References13
OSV
OSV
added 2023/06/09 10:41 p.m.79 views

GHSA-4882-HXPR-HRVM @udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme

Impact Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into the Plate editor through various means, including opening or pasting malicious content. Patches...

8.1CVSS6.9AI score0.00445EPSS
Exploits0References5
OSV
OSV
added 2023/05/26 10:15 p.m.5 views

CVE-2023-21514

Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...

8.8CVSS7.4AI score0.00521EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/26 12:0 a.m.10 views

CVE-2023-21514

Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...

7.5CVSS8.8AI score0.00521EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/26 12:0 a.m.24 views

CVE-2023-21514

Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...

7.5CVSS9AI score0.00521EPSS
Exploits0References1
OSV
OSV
added 2021/09/03 11:3 a.m.3 views

OESA-2021-1333 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An issue was...

7.5CVSS7AI score0.02341EPSS
Exploits0References4
OSV
OSV
added 2016/02/14 2:59 a.m.3 views

CVE-2016-1627

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

8.8CVSS7.3AI score0.01317EPSS
Exploits0References11
OSV
OSV
added 2016/02/14 2:59 a.m.4 views

UBUNTU-CVE-2016-1627

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

8.8CVSS7.3AI score0.01317EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/09/25 12:0 a.m.29 views

Google Chrome < 43.0.2357.130 Multiple Vulnerabilities

Binary data 8880.pasl...

5CVSS9.7AI score0.01489EPSS
Exploits0References2
Mageia
Mageia
added 2015/07/05 5:22 p.m.56 views

Updated chromium-browser package fixes security vulnerability

A scheme validation error in WebUI CVE-2015-1266. Two cross-origin bypass issues in Blink CVE-2015-1267, CVE-2015-1268. A normalization error in the HSTS/HPKP preload list CVE-2015-1269. This update also disables the automatic, silent downloading and installation of "external components" like the...

5CVSS9.2AI score0.02306EPSS
Exploits1References3
CNVD
CNVD
added 2015/06/29 12:0 a.m.7 views

Google Chrome Security Bypass Vulnerability (CNVD-2015-04100)

Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the content/browser/webui/contentwebuicontrollerfactory.cc file in Google Chrome 43.0.2357.81 and earlier versions, which stems from the program's failure to properly validate a URL...

5CVSS6.6AI score0.01489EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/06/25 8:9 a.m.5 views

chromium-browser: Scheme validation error in WebUI

content/browser/webui/contentwebuicontrollerfactory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as...

5CVSS7.4AI score0.01489EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/06/23 12:0 a.m.57 views

Google Chrome < 43.0.2357.130 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.130. It is, therefore, affected by multiple vulnerabilities : - A scheme validation error exists in WebUI. A remote attacker can exploit this to have an unspecified impact. CVE-2015-1266 - A cross-origin bypas...

5CVSS7.4AI score0.02306EPSS
Exploits1References5
ThreatPost
ThreatPost
added 2015/06/22 12:5 p.m.36 views

Google Fixes Handful of Bugs in Chrome

Google has fixed several vulnerabilities in Chrome, including a pair of cross-origin bypasses and a high-risk scheme validation error. The new release updates Chrome to version 43.0.2357.130 and there are patches for other security flaws as well, though Google has only published information on fo...

5CVSS0.1AI score0.02306EPSS
Exploits1References5
FreeBSD
FreeBSD
added 2015/06/22 12:0 a.m.32 views

www/chromium -- multiple vulnerabilities

Google Chrome Releases reports: 4 security fixes in this release: 464922 High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous. 494640 High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 497507 Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit...

5CVSS9.2AI score0.02306EPSS
Exploits1References1
Ubuntu
Ubuntu
added 2012/09/10 12:57 p.m.53 views

USN-1560-1: Django vulnerabilities

It was discovered that Django incorrectly validated the scheme of a redirect target. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting XSS attacks. CVE-2012-3442 It was discovered that Django incorrectly handled...

5CVSS5.4AI score0.02641EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2012/07/31 5:55 p.m.7 views

CVE-2012-3442

The 1 django.http.HttpResponseRedirect and 2 django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting XSS attacks via a data: URL...

4.3CVSS4.9AI score0.02072EPSS
Exploits1References8
Rows per page
Query Builder