22 matches found
CVE-2026-34258
SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...
PT-2026-39919
SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...
Ubuntu 16.04 LTS / 18.04 LTS : HtmlUnit vulnerability (USN-8220-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8220-1 advisory. It was discovered that HtmlUnit was vulnerable to remote code execution via XSLT when browsing an attacker-controlled webpage. An attacker could...
CVE-2026-41398
OpenClaw (npm package) is affected by an improper access-control vulnerability in the iOS A2UI bridge prior to 2026.4.2. A local-network or tailnet page can be loaded to a vulnerable session and trigger unauthorized agent.request runs, polluting session state and depleting budget. The issue is fi...
PT-2026-25726
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...
CVE-2026-2634
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4...
Mozilla Firefox for iOS security vulnerability
Mozilla Firefox for iOS is a web browser designed for iOS devices by the Mozilla Foundation in the United States. Versions of Mozilla Firefox for iOS prior to 147.4 contained a security vulnerability. This vulnerability allowed malicious scripts to cause the address bar and web content to be out ...
PT-2026-21689
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 147.4. Description: A flaw exists in Firefox for iOS that could allow malicious scripts to cause a mismatch between the address bar display and the actual web content. This could lead to a user being presented...
Security Vulnerabilities fixed in Firefox for iOS 147.4 — Mozilla
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains...
EUVD-2025-22467
Malicious code in bioql PyPI...
CVE-2025-44109
A URL redirection in Pinokio v3.6.23 allows attackers to redirect victim users to attacker-controlled pages...
CVE-2025-50477
A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect victim users to attacker-controlled pages...
CVE-2025-44109
CVE-2025-44109 describes a URL redirection vulnerability in Pinokio v3.6.23 that can redirect victim users to attacker-controlled pages. Affected software: Pinokio Desktop (v3.6.23); underlying issue attributed to the URL redirection feature. Impact per CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A...
CVE-2025-50477
CVE-2025-50477 describes a URL redirection vulnerability in lbry-desktop version 0.53.9. The issue arises from the URL redirection feature, enabling an attacker to redirect users to attacker-controlled pages. Documented impact is user redirection with low confidentiality and availability impact, ...
UJCMS security vulnerability
UJCMS is a Java open source content management system from dromara open source. A security vulnerability exists in UJCMS version 9.6.3, which stems from improper URL authentication and a URL redirection vulnerability that allows an authenticated attacker to redirect an unprivileged user to an...