Lucene search
K

160 matches found

NVD
NVD
added 2024/08/20 2:15 p.m.30 views

CVE-2024-6379

A reflected Cross-site Scripting XSS vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

7.7CVSS0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.7 views

Citrix Systems NetScaler ADC and Citrix Systems NetScaler Gateway Security Vulnerabilities

Citrix Systems NetScaler Gateway Citrix Systems Gateway and Citrix Systems NetScaler ADC are both products of Citrix Systems, Inc.Citrix Systems NetScaler Gateway is a secure remote access solution. The solution provides administrators with application-level and data-level controls to enable user...

6.1CVSS6.9AI score0.00552EPSS
Exploits0References2
OSV
OSV
added 2024/06/18 7:17 a.m.21 views

BIT-ELK-2024-23442 Kibana open redirect issue

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL...

6.1CVSS6.1AI score0.00337EPSS
Exploits0References2
NVD
NVD
added 2024/06/03 10:15 a.m.22 views

CVE-2024-23664

A URL redirection to untrusted site 'open redirect' in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL...

6.1CVSS6.1AI score0.00347EPSS
Exploits0References1
CVE
CVE
added 2024/03/21 2:50 p.m.62 views

CVE-2024-2465

Open redirection vulnerability in CDeX enables redirection to arbitrary websites via a crafted URL and affects CDeX versions up to 5.7.1, per RH and NVD entries. No remediation or exploit specifics are provided in the connected documents.

7.1CVSS6.9AI score0.00598EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.35 views

Debian dla-3765 : cacti - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3765 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3765-1 [email protected]...

9.8CVSS8.5AI score0.87575EPSS
Exploits22References28
BDU FSTEC
BDU FSTEC
added 2024/02/29 12:0 a.m.5 views

The vulnerability in the cursor display implementation of Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows a hacker to obtain arbitrary permissions on a website without user consent.

The vulnerability in the cursor display implementation of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to an incorrect limitation on the number of layers or frames that can be displayed. Exploiting this vulnerability allows a malicious actor to obtain arbitrary...

5CVSS6.8AI score0.00525EPSS
Exploits0References14Affected Software12
NVD
NVD
added 2024/02/15 5:15 a.m.27 views

CVE-2024-25559

URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...

4.7CVSS6.5AI score0.00448EPSS
Exploits0References2
Prion
Prion
added 2024/01/26 7:15 a.m.16 views

Authorization

Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...

5.8CVSS7.2AI score0.00385EPSS
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/24 12:0 a.m.38 views

JVN#70818619: "Mercari" App for Android fails to restrict custom URL schemes properly

"Mercari" App for Android by Mercari, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...

6.1CVSS6.2AI score0.00385EPSS
Exploits0
CNNVD
CNNVD
added 2024/01/24 12:0 a.m.5 views

Mercari Security Vulnerability

Mercari is an online trading application for used items from Mercari Japan. A security vulnerability exists in Mercari versions prior to 5.78.0, which stems from improperly restricting access using custom URLs, and could allow a remote attacker to direct a user to an arbitrary website...

6.1CVSS6.8AI score0.00385EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/11/01 10:11 p.m.16 views

CVE-2023-45203 Online Examination System v1.0 - Multiple Open Redirects

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...

6.1CVSS7AI score0.00407EPSS
Exploits1References2
Amazon
Amazon
added 2023/10/24 12:0 a.m.41 views

Important: cacti

Issue Overview: Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution ...

7.2CVSS8.6AI score0.82186EPSS
Exploits7
Vulnrichment
Vulnrichment
added 2023/09/11 12:0 a.m.11 views

CVE-2023-41609

An open redirect vulnerability in the sanitizeurl parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL...

6.6AI score0.00358EPSS
Exploits1References1
OSV
OSV
added 2023/09/11 12:0 a.m.15 views

CVE-2023-41609

An open redirect vulnerability in the sanitizeurl parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL...

6.1CVSS6.8AI score0.00358EPSS
Exploits1References3
NVD
NVD
added 2023/09/05 10:15 p.m.15 views

CVE-2023-39364

Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The authchangepassword.php file accepts ref as a URL parameter and...

5.4CVSS6.6AI score0.00628EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2023/09/05 9:13 p.m.28 views

CVE-2023-39364

Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The authchangepassword.php file accepts ref as a URL parameter and...

5.4CVSS5.8AI score0.00628EPSS
Exploits1
NVD
NVD
added 2023/08/25 4:15 a.m.19 views

CVE-2023-40530

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device...

4.7CVSS4.6AI score0.0049EPSS
Exploits0References3
Prion
Prion
added 2023/08/25 4:15 a.m.16 views

Authorization

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device...

4.3CVSS4.6AI score0.0049EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/25 3:47 a.m.13 views

CVE-2023-40530

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device...

6.7AI score0.0049EPSS
Exploits0References3
Rows per page
Query Builder