
11 matches found

Cvelist
added 2026/03/31 2:41 p.m. · 20 views

CVE-2026-4799 Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests

In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL...

CVSS 4.3 · EPSS 0.00033
Exploits 0 · References 2

Cvelist
added 2026/01/08 9:49 a.m. · 24 views

CVE-2026-21871 NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()

NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is an XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL...

CVSS 6.1 · EPSS 0.00021
Exploits 1 · References 2

Cvelist
added 2025/11/06 9:46 p.m. · 4 views

CVE-2025-64178 Jellysweep uses uncontrolled data in image cache API endpoint

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

CVSS 8.9 · EPSS 0.00072
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-7679

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 4.8 · EPSS 0.00413
Exploits 0 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-21923

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.5 · EPSS 0.00106
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-28325

Malicious code in bioql PyPI...

CVSS 4.7 · AI score 5 · EPSS 0.00173
Exploits 0 · References 1

Positive Technologies
added 2024/01/24 12:0 a.m. · 2 views

PT-2024-19330 · Unknown · Simple Membership

Name of the Vulnerable Software and Affected Versions: Simple Membership versions through 4.4.1
Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability affects the Simple Membership plugin.
Recommendations: For...

CVSS 6.1 · AI score 6.6 · EPSS 0.00097
Exploits 0 · References 6

Prion
added 2023/05/11 7:15 p.m. · 14 views

Cross site request forgery (csrf)

A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, t...

CVSS 6.8 · AI score 8.5 · EPSS 0.00085
Exploits 0 · References 1 · Affected Software 1

Github Security Blog
added 2022/12/29 9:30 a.m. · 26 views

Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access

A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible ...

CVSS 6.1 · AI score 2 · EPSS 0.00413
Exploits 0 · References 7 · Affected Software 1

Positive Technologies
added 2022/12/22 12:0 a.m. · 1 view

PT-2022-9019 · Ahorner · Text-Helpers

Name of the Vulnerable Software and Affected Versions: ahorner text-helpers versions up to 1.0.x; ahorner text-helpers versions 1.1.0 through 1.1.1
Description: A critical issue affects the unknown code of the file lib/text helpers/translation.rb. The manipulation of the link argument leads to the...

CVSS 6.3 · AI score 6.8 · EPSS 0.00324
Exploits 0 · References 13

OSV
added 2022/01/12 9:55 p.m. · 17 views

GHSA-HRGX-7J6V-XJ82 Reflected cross-site scripting (XSS) vulnerability

This security advisory relates to a capability for an attacker to exploit a reflected cross-site scripting vulnerability when using the @keystone-6/auth package.
Impact: The vulnerability can impact users of the administration user interface when following an untrusted link to the signin or init...

CVSS 7.1 · AI score 6 · EPSS 0.56131
Exploits 1 · References 5