29 matches found
CVE-2026-33296 AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php
WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains an open redirect vulnerability in the login flow where a user-supplied redirectUri parameter is reflected directly into a JavaScript document.location assignment without JavaScript-safe encoding. After a use...
CVE-2025-55204
muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution (RCE) vulnerability in. An attacker can exploit this issue by embedding a specially crafted muffon:// link on any website they control. When a victim visits the site or clic...
CVE-2025-11190
The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker-controlled website...
EUVD-2025-33713
The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker-controlled website...
EUVD-2025-6925
Malicious code in bioql PyPI...
GHSA-CP5V-2HMC-3VJX WSO2 is vulnerable to Open Redirect through multi-option URL in its authentication endpoint
An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site. By...
CVE-2024-8021
An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...
GHSA-7V2W-H4GH-W5CV Gradio Vulnerable to Open Redirect
An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...
Gradio Vulnerable to Open Redirect
An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...
CVE-2024-8021 Open Redirect in gradio-app/gradio
An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...
undici: Undici Uses Insufficiently Random Values
A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...
Cross Site Scripting (XSS)
Algernon is vulnerable to Cross Site Scripting. The vulnerability is due to a lack of URL data sanitization in the RegisterHandlers function of handlers.go, which can result in cookie stealing or redirection to an attacker-controlled site...
Open Redirect
undici is vulnerable to open redirect. The vulnerability exists due to insufficient checks in the shouldRemoveHeader function, which results in accidental leakage of cookie headers, allowing an attacker to redirect the victim to an attacker-controlled site...
Open Redirect
web2py is vulnerable to open redirect. The vulnerability exists due to a lack of sanitization, allowing an attacker to redirect URLs to an attacker-controlled site...
CVE-2022-28868
An address bar spoofing vulnerability was discovered in Safe Browser for Android. When a user clicks on a specially crafted malicious webpage/URL, the user may be tricked for a short period of time, until the page loads, into thinking the content is coming from a valid domain, while the content comes from the...
PT-2021-5336 · Cisco · Cisco Webex Meetings
Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings (affected versions not specified). Description: A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation...
Cross-site Scripting (XSS) - Reflected in zikula/core
Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept: // PoC Request: POST /permissions/test HTTP/1.1 Host: demo.ziku.la Cookie: zsid=qk60gkn4dmhgrjc6io2kt3dij4 User-Agent:...