10 matches found

NVD
added 2026/04/21 9:16 p.m. · 2 views

CVE-2026-40910

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

9.1 CVSS · 0.00073 EPSS
Exploits 1 · References 1
SUSE CVE
added 2025/12/12 12:24 a.m. · 2 views

SUSE CVE-2025-65965

Grype is a vulnerability scanner for container images and filesystems. A credential disclosure vulnerability was found in Grype, affecting versions 0.68.0 through 0.104.0. If registry credentials are defined and the output of grype is written using the --file or --output json= option, the registr...

8.2 CVSS · 6.6 AI score · 0.00021 EPSS
Exploits 0 · References 2
NVD
added 2025/10/30 6:15 p.m. · 3 views

CVE-2025-64115

Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and...

6.1 CVSS · 0.00038 EPSS
Exploits 1 · References 3
OSV
added 2025/10/30 5:39 p.m. · 4 views

CVE-2025-64115 Movary unvalidated Referer header allows open redirect and phishing

Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and...

5.1 CVSS · 6.7 AI score · 0.00038 EPSS
Exploits 1 · References 5
Vulnrichment
added 2025/10/30 5:39 p.m. · 4 views

CVE-2025-64115 Movary unvalidated Referer header allows open redirect and phishing

Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and...

5.1 CVSS · 6.2 AI score · 0.00038 EPSS
Exploits 1 · References 3
Cvelist
added 2025/10/30 5:39 p.m. · 5 views

CVE-2025-64115 Movary unvalidated Referer header allows open redirect and phishing

Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and...

5.1 CVSS · 0.00038 EPSS
Exploits 1 · References 3
CVE
added 2025/10/30 5:39 p.m. · 7 views

CVE-2025-64115

Summary: Movary (web application) prior to 0.69.0 is affected by an open redirect in multiple settings endpoints that directly used the HTTP Referer header for redirects (versions up to and including 0.68.0). This can enable phishing via crafted links to attacker‑controlled sites. Affected compon...

6.1 CVSS · 6.2 AI score · 0.00038 EPSS
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2025/10/30 12:0 a.m. · 2 views

Movary input validation error vulnerability

Movary is a movie review program by Lee Peuker Personal Developer. An input validation error vulnerability exists in Movary 0.68.0 and prior versions that stems from a direct redirection using the HTTP Referer header value, which could lead to open redirection attacks and phishing attacks...

6.1 CVSS · 6.5 AI score · 0.00038 EPSS
Exploits 1 · References 3
OSV
added 2024/08/30 1:15 p.m. · 9 views

CVE-2024-8260

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...

7.3 CVSS · 7.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2018/09/06 12:0 a.m. · 7 views

PT-2018-3607 · Poppler +4

Name of the Vulnerable Software and Affected Versions: Poppler version 0.68.0 Description: The issue is related to the Parser::getObj function in the Poppler library for rendering PDF files, which can cause infinite recursion when processing a crafted file. This can be exploited by a remote...

9.8 CVSS · 6 AI score · 0.03439 EPSS
Exploits 20 · References 197