167 matches found

CNNVD
added 2026/05/27 12:0 a.m. | 7 views

WordPress plugin Facebook for WooCommerce input validation error vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 4.7 | AI score 5.8 | EPSS 0.00231
Exploits 0 | References 1

Positive Technologies
added 2026/05/27 12:0 a.m. | 12 views

PT-2026-44029

Name of the Vulnerable Software and Affected Versions: Facebook for WooCommerce versions prior to 3.7.1. Description: An Open Redirect issue exists, which is a type of vulnerability that allows an application to redirect a user to an untrusted external site. This can be leveraged to facilitate...

CVSS 4.7 | AI score 5.8 | EPSS 0.00231
Exploits 0 | References 5

RedHat Linux
added 2026/05/26 12:59 p.m. | 10 views

Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve

A flaw was found in Apache Tomcat. This open redirect vulnerability allows an attacker to redirect a user to an untrusted site. This occurs through the LoadBalancerDrainingValve, which can be exploited to manipulate URL redirection. The primary impact is that users may be unknowingly directed to...

CVSS 6.1 | AI score 6.3 | EPSS 0.00526
Exploits 0 | References 5

RedHat Linux
added 2026/05/26 12:55 p.m. | 11 views

Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve

A flaw was found in Apache Tomcat. This open redirect vulnerability allows an attacker to redirect a user to an untrusted site. This occurs through the LoadBalancerDrainingValve, which can be exploited to manipulate URL redirection. The primary impact is that users may be unknowingly directed to...

CVSS 6.1 | AI score 6.3 | EPSS 0.00526
Exploits 0 | References 5

NVD
added 2026/05/20 8:16 p.m. | 12 views

CVE-2026-2813

ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a specially crafted request. Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulti...

CVSS 4.7 | EPSS 0.003
Exploits 0 | References 1

EUVD
added 2026/05/20 5:51 p.m. | 11 views

EUVD-2026-31145

ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a specially crafted request. Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulti...

CVSS 4.7 | AI score 5.6 | EPSS 0.003
Exploits 0 | References 1

CNNVD
added 2026/05/20 12:0 a.m. | 8 views

Esri ArcGIS Server security vulnerability

Esri ArcGIS Server is a web-based enterprise-level software platform provided by Esri that can deliver geographic services. Version 11.5 of Esri ArcGIS Server contains a security vulnerability. This vulnerability stems from a weakness in input validation within the login redirection workflow. Thi...

CVSS 4.7 | AI score 5.8 | EPSS 0.003
Exploits 0 | References 1

UbuntuCve
added 2026/05/12 10:16 p.m. | 11 views

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

CVSS 8.6 | AI score 5.8 | EPSS 0.00274
Exploits 0 | References 2

Vulnrichment
added 2026/05/12 9:37 p.m. | 6 views

CVE-2026-44301 Hugo: Node tool execution allows file system access outside the project directory

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

CVSS 8.6 | AI score 5.8 | EPSS 0.00274
Exploits 0 | References 1

Debian CVE
added 2026/05/12 9:37 p.m. | 8 views

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

CVSS 8.6 | AI score 5.8 | EPSS 0.00274
Exploits 0

AlpineLinux
added 2026/05/12 9:37 p.m. | 8 views

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

CVSS 8.6 | AI score 5.8 | EPSS 0.00274
Exploits 0 | References 1

OSV
added 2026/05/06 8:59 p.m. | 5 views

GHSA-X597-9FR4-5857 Hugo's Node tool execution allows file system access outside the project directory

Impact: When building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could allow code running through these tools to read or write...

CVSS 8.6 | AI score 5.8 | EPSS 0.00274
Exploits 0 | References 3

Snyk
added 2026/05/06 8:59 p.m. | 10 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the execution of Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS. An attacker can gain unauthorized access to files outside the intended project directory by executing code through these tools wh...

CVSS 8.6 | AI score 6.3 | EPSS 0.00274
Exploits 0 | References 2

Positive Technologies
added 2026/05/06 12:0 a.m. | 18 views

PT-2026-38298

Name of the Vulnerable Software and Affected Versions: Hugo versions prior to 0.161.0. Description: When building a site that utilizes Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS, the software invokes configured Node tools without restrictions on file system access. This allows...

CVSS 8.6 | AI score 5.8 | EPSS 0.00274
Exploits 0 | References 13

Cvelist
added 2026/04/08 8:30 a.m. | 23 views

CVE-2026-39484 WordPress Hide My WP Ghost plugin < 7.0.00 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing. This issue affects Hide My WP Ghost: from n/a through 7.0.00...

CVSS 4.7 | EPSS 0.00201
Exploits 0 | References 1

EUVD
added 2026/03/09 6:31 p.m. | 6 views

EUVD-2025-208432

An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code...

AI score 6 | EPSS 0.00206
Exploits 0 | References 4

OSV
added 2026/03/09 5:16 p.m. | 4 views

CVE-2025-70037

An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code...

CVSS 6.1 | AI score 6
Exploits 0 | References 3

CNNVD
added 2026/03/09 12:0 a.m. | 4 views

sunbird-portal security vulnerability

sunbird-portal is an open-source portal developed by Sunbird-ED. Version 1.13.4 of sunbird-portal contains a security vulnerability, which stems from URL redirection to untrusted sites...

CVSS 6.1 | AI score 5.8 | EPSS 0.00239
Exploits 0 | References 4

RedhatCVE
added 2026/01/09 9:14 a.m. | 6 views

CVE-2022-23618

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform URL redirections. This problem...

CVSS 6.1 | AI score 6.6 | EPSS 0.00787
Exploits 0 | References 1

Positive Technologies
added 2025/12/29 12:0 a.m. | 4 views

PT-2025-53764

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: The software suffers from an open redirect issue, allowing an attacker to redirect users to a malicious website. This occurs due to improper validation of user-supplied URLs. The issue involves...

CVSS 6.1 | AI score 6.3 | EPSS 0.00144
Exploits 0 | References 5