Lucene search
K

5 matches found

NVD
NVD
added yesterday5 views

CVE-2026-55590

CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the...

5.1CVSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/05/25 7:33 a.m.13 views

CVE-2026-8368

A flaw was found in LWP::UserAgent, a component of perl-libwww-perl. This vulnerability allows a remote attacker to obtain a user's credentials by redirecting a request to an attacker-controlled host. When processing a redirect, the LWP::UserAgent fails to properly strip Authorization and...

6.5CVSS5.7AI score0.00266EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/12 5:11 p.m.6 views

CVE-2026-42177 linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2026/04/17 9:16 p.m.3 views

CVE-2026-40301

DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize allows elements in SVG content but never inspects their text content. CSS url references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to...

4.7CVSS0.00271EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28524

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.39.0 Description The cpp-httplib HTTP client improperly handles cross-origin HTTP redirects 301, 302, 307, 308. Specifically, it forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary...

7.4CVSS6AI score0.00262EPSS
Exploits2References16
Rows per page
Query Builder