
107412 matches found

NVD
added 2026/06/12 3:16 p.m., 9 views

CVE-2026-53722

Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, `<NuxtLink>` did not validate the URL scheme of values bound to its `to` or `href` props before rendering them into the `href` attribute of the underlying element. When an application binds attacker-controlled input a...

CVSS 5.4 | EPSS 0.00198
Exploits 0 | References 3
Snyk
added 2026/06/12 3:13 p.m., 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the NuxtLink `href` when attacker-controlled input is bound to the `to` or `href` properties. An attacker can execute arbitrary scripts in the context of the application by supplying a crafted `javascript:` or `data:`...

CVSS 5.4 | AI score 5.3 | EPSS 0.00198
Exploits 0 | References 2
Github Security Blog
added 2026/06/12 3:8 p.m., 10 views

Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection

Summary: The OAuth2 token fetch function in `packages/server/src/sdk/workspace/oauth2/utils.ts` line 59 uses raw `fetch(config.url)` with no SSRF protection. The safe wrapper `fetchWithBlacklist` exists in the same codebase and is used in every other outbound HTTP call: automation steps, plugin downloads,...

CVSS 7.7 | AI score 5.5 | EPSS 0.00217
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2026/06/12 3:2 p.m., 7 views

CVE-2026-50090 Aqara OAuth redirect_uri validation bypass

The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...

CVSS 9.3 | AI score 5.3 | EPSS 0.00253
Exploits 0 | References 2
Cvelist
added 2026/06/12 3:2 p.m., 27 views

CVE-2026-50090 Aqara OAuth redirect_uri validation bypass

The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...

CVSS 9.3 | EPSS 0.00253
Exploits 0 | References 2
EUVD
added 2026/06/12 3:2 p.m., 7 views

EUVD-2026-36479

The Aqara IAM/SSO Gateway gw-builder.aqara.com provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 6.1 Medium, which can be used to set up a phishing attack...

CVSS 6.1 | AI score 5.2 | EPSS 0.00147
Exploits 0 | References 2
NVD
added 2026/06/12 2:16 p.m., 7 views

CVE-2026-45669

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving ,...

CVSS 5.4 | EPSS 0.00153
Exploits 1 | References 2
Circl
added 2026/06/12 1:57 p.m., 8 views

CVE-2026-47196

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-12 13:57:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo3vgwapyy23... |

CVSS 8.4 | AI score 5 | EPSS 0.00235
Exploits 0 | References 1
Cvelist
added 2026/06/12 1:44 p.m., 24 views

CVE-2026-53722 Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL

Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, `<NuxtLink>` did not validate the URL scheme of values bound to its `to` or `href` props before rendering them into the `href` attribute of the underlying element. When an application binds attacker-controlled input a...

CVSS 5.1 | EPSS 0.00198
Exploits 0 | References 3
Circl
added 2026/06/12 12:55 p.m., 8 views

CVE-2026-41708

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-12 12:55:27+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mo3rytodm42d |
| 2026-06-15 20:13:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moe3ve7spj2y... |

CVSS 7.5 | AI score 4.9 | EPSS 0.0046
Exploits 0 | References 2
Cvelist
added 2026/06/12 12:51 p.m., 25 views

CVE-2026-45669 Nuxt: Reflected XSS in `navigateTo()` external redirect

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving ,...

CVSS 5.3 | EPSS 0.00153
Exploits 1 | References 2
EUVD
added 2026/06/12 12:51 p.m., 7 views

EUVD-2026-36420

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving ,...

CVSS 5.3 | AI score 5.4 | EPSS 0.00153
Exploits 1 | References 2
CVE
added 2026/06/12 12:51 p.m., 11 views

CVE-2026-45669

Nuxt.js (framework for Vue) versions 3.4.3–3.21.5/3.21.5? and 4.0.0-alpha.1–4.4.5 are affected by a reflected XSS in navigateTo(url, { external: true }) during server-side redirects, where the destination URL is sanitized only for quotes and can break out of content=

CVSS 5.4 | AI score 5.4 | EPSS 0.00153
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2026/06/12 12:30 p.m., 23 views

CVE-2026-12065 Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

CVSS 1.8 | EPSS 0.00106
Exploits 0 | References 6
EUVD
added 2026/06/12 12:30 p.m., 5 views

EUVD-2026-36417

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

CVSS 1.8 | AI score 3.7 | EPSS 0.00106
Exploits 0 | References 6
Vulnrichment
added 2026/06/12 12:30 p.m., 6 views

CVE-2026-12065 Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

CVSS 1.8 | AI score 3.5 | EPSS 0.00106
Exploits 0 | References 6
CVE
added 2026/06/12 12:30 p.m., 12 views

CVE-2026-12065

Groww Android app (Groww Stock, Mutual Fund, Gold App) up to 20260805 is affected due to improper authorization in the WebView URL Handler for a custom URL scheme. The issue is located in an unknown part of the WebView URL handling logic and can be triggered on a physical device. Exploitation sta...

CVSS 1.8 | AI score 3.8 | EPSS 0.00106
Exploits 0 | References 7
OSV
added 2026/06/12 12:28 p.m., 5 views

OESA-2026-2677 varnish security update

This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...

CVSS 9.8 | AI score 5.3 | EPSS 0.00202
Exploits 1 | References 2
Circl
added 2026/06/12 11:0 a.m., 9 views

CVE-2026-44417

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-12 11:00:28+00:00 | seen | https://bsky.app/profile/euvd-bot.bsky.social/post/3mo3llavbst2u |
| 2026-06-14 12:00:29+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3moapueqzdn2p... |

CVSS 7.5 | AI score 4.9 | EPSS 0.00463
Exploits 0 | References 2
Veracode
added 2026/06/12 3:22 a.m., 8 views

Information Exposure

Element Call is vulnerable to Information Exposure. The vulnerability is due to analytics data including full page URLs and URL fragments being sent to a configured PostHog server, which allows an attacker with access to the analytics data to obtain sensitive information such as call encryption...

AI score 5.2 | EPSS 0.00023
Exploits 0 | References 2 | Affected Software 1