Lucene search
K

27 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-27779

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...

7.5CVSS0.00166EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41637

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...

5.9AI score0.00166EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 6:28 a.m.4 views

CVE-2024-23983

Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules...

5.8CVSS6.9AI score0.00413EPSS
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2025/03/03 12:0 a.m.22 views

Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability

Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization...

9.8CVSS6.8AI score0.92266EPSS
In wildExploits6
Zero Day Initiative
Zero Day Initiative
added 2024/12/02 12:0 a.m.7 views

Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 5814 by...

7.3CVSS7.1AI score0.01138EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/17 6:29 p.m.45 views

CVE-2024-45612 Insert tag injection via canonical URL in Contao

Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page front end. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root...

5.3CVSS0.00298EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/17 6:29 p.m.20 views

CVE-2024-45612 Insert tag injection via canonical URL in Contao

Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page front end. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root...

5.3CVSS5.3AI score0.00298EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/13 9:35 p.m.36 views

CVE-2023-32301 Discourse's canonical url not being used for topic embeddings

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...

3.1CVSS5.5AI score0.00423EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.4 views

SUSE CVE-2013-4558

The getparentresource function in repos.c in moddavsvn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service assertion failure and Apache...

3.5CVSS6.9AI score0.05882EPSS
Exploits0References6
0day.today
0day.today
added 2022/06/03 12:0 a.m.220 views

Contao 4.13.2 - Cross-Site Scripting Vulnerability

Exploit Title: Contao 4.13.2 - Cross-Site Scripting XSS Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://contao.org/en/ Software Link: https://github.com/contao/contao/releases/tag/4.13.2 Version: 4.13.2 Tested on: KALI OS CVE : CVE-2022-1588 References: -...

0.1AI score
Exploits3
Packet Storm
Packet Storm
added 2022/06/03 12:0 a.m.233 views

Contao 4.13.2 Cross Site Scripting

Exploit Title: Contao 4.13.2 - Cross-Site Scripting XSS Google Dork: NA Date: 04/28/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://contao.org/en/ Software Link: https://github.com/contao/contao/releases/tag/4.13.2 Version: 4.13.2 Tested on: KALI OS CVE : CVE-2022-15...

Exploits3
Github Security Blog
Github Security Blog
added 2022/05/13 1:19 a.m.26 views

SEOmatic plugin for Craft CMS SSTI Vulnerability

A Server Side Template Injection SSTI was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code...

7.5CVSS7.5AI score0.33034EPSS
Exploits3References8Affected Software1
OSV
OSV
added 2022/05/13 1:8 a.m.13 views

GHSA-2MVG-C6MG-3Q63 Concrete CMS vulnerable to cross-site scripting (XSS)

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header. This is stored...

6.1CVSS6AI score0.02752EPSS
Exploits5References6
Friends Of PHP
Friends Of PHP
added 2022/05/05 6:38 a.m.24 views

Cross site scripting via canonical URL

More info at https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html...

7.2CVSS7.2AI score0.03795EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/05/05 6:38 a.m.34 views

Cross site scripting via canonical URL

More info at https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html...

7.2CVSS7.2AI score0.03795EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2017/05/23 7:53 a.m.18 views

HTML Injection

concrete5 is vulnerable to HTML injection. If there is no canonical URL defined during setup, a malicious user can initiate a GET request with any domain name in the HOST header, allowing for arbitrary domains to be set for certain links. It can also act as a potential vector for cross-site...

6.1CVSS6.2AI score0.02752EPSS
Exploits5References7Affected Software1
NVD
NVD
added 2017/04/13 5:59 p.m.27 views

CVE-2017-7725

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored...

6.1CVSS6.2AI score0.02752EPSS
Exploits5References5
OSV
OSV
added 2017/04/13 5:59 p.m.19 views

CVE-2017-7725

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored...

6.1CVSS5.9AI score
Exploits0References5
Prion
Prion
added 2017/04/13 5:59 p.m.13 views

Design/Logic Flaw

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored...

4.3CVSS6AI score0.02752EPSS
Exploits5References5Affected Software1
Fedora
Fedora
added 2017/03/08 1:59 p.m.18 views

[SECURITY] Fedora 25 Update: drupal7-metatag-1.21-1.fc25

The Metatag module allows you to automatically provide structured metadata, aka "meta tags", about your website. In the context of search engine optimization, when people refer to meta tags they are usually referring to the meta description tag and the meta keywords tag that may help improve the...

0.3AI score
Exploits0
Rows per page
Query Builder