29 matches found
CVE-2025-14766
Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Mitigation To mitigate this issue, users should avoid visiting untrusted websites or opening...
CVE-2025-14765
A flaw was found in Chromium Google Chrome. This vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML HyperText Markup Language page due to a use after free in WebGPU Web Graphics Processing Unit. Mitigation To mitigate this issue, users should avoid...
EUVD-2018-5749
Malware in sbrugna...
EUVD-2006-3328
Malware in sbrugna...
EUVD-2022-0931
Malicious code in bioql PyPI...
PT-2024-10925 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this to hijack t...
The vulnerability of the Eclipse Glassfish application server relates to the redirection of URLs to an unreliable website, allowing attackers to redirect users to any given URL address.
The vulnerability of the Eclipse Glassfish application server is related to the redirection of URLs to an unreliable website. Exploiting this vulnerability allows a hacker to redirect users to any given URL address...
CVE-2024-38519
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...
BIT-CONCOURSE-2020-5409 Concourse Open Redirect in the /sky/login endpoint
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
PT-2023-8358 · Apple · Safari +1
Name of the Vulnerable Software and Affected Versions: Safari versions prior to macOS Sonoma 14.1 Description: The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to spoof the user interface. Visiting a malicious...
Pivotal Concourse Open Redirect in Login Flow
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
GHSA-9689-RX4V-CQGC Pivotal Concourse Open Redirect in Login Flow
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
The vulnerability of the redirect parameter in the fastify-static plugin allows a hacker to redirect users of Mozilla Firefox to arbitrary websites.
The vulnerability of the redirect parameter in the fastify-static plugin relates to the ability to redirect users to untrusted URLs. Exploiting this vulnerability allows a malicious actor to redirect users of Mozilla Firefox to arbitrary websites...
Open redirect
An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the tredirect parameter in a crafted URL, such as a /findv2/click URL...
CVE-2020-24550
An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the tredirect parameter in a crafted URL, such as a /findv2/click URL...
CVE-2020-5409
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
CVE-2020-5409
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
CVE-2020-5409 Concourse Open Redirect in the /sky/login endpoint
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
PT-2020-18463 · Pivotal · Concourse
Name of the Vulnerable Software and Affected Versions: Pivotal Concourse versions prior to 6.0.0 Description: The issue allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an...
CVE-2018-15798
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...