Lucene search
K

255 matches found

NVD
NVD
added 2025/05/23 4:15 p.m.54 views

CVE-2025-48376

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue...

3.5CVSS0.00214EPSS
Exploits0References2
OSV
OSV
added 2025/05/23 4:11 p.m.9 views

GHSA-62MF-VHHW-XMF8 DNN site Import could use an external source with a crafted request

A malicious SuperUser Host could craft a request to use an external url for a site export to then be imported...

3.5CVSS6.9AI score0.00214EPSS
Exploits0References4
CVE
CVE
added 2025/05/23 3:37 p.m.74 views

CVE-2025-48376

CVE-2025-48376 affects DNN (DotNetNuke) prior to 9.13.9. A malicious SuperUser (Host) could craft a request to use an external URL for a site export, which could then be imported. The issue is fixed in version 9.13.9. Other related issues (CVE-2025-48377, CVE-2025-48378) are reported by Nessus bu...

3.5CVSS3.8AI score0.00214EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:31 a.m.7 views

CVE-2024-26283

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...

7.8CVSS6.3AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.14 views

CVE-2024-28235

Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Cont...

8.3CVSS6.7AI score0.00708EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/23 12:0 a.m.10 views

PT-2025-22813 · Dnn · Dnn

Name of the Vulnerable Software and Affected Versions: DNN formerly DotNetNuke versions prior to 9.13.9 Description: A malicious SuperUser Host could craft a request to use an external URL for a site export to then be imported. This issue is related to the DNN formerly DotNetNuke open-source web...

3.5CVSS6AI score0.00214EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/05/07 8:33 a.m.5 views

thunderbird: Leak of hashed Window credentials via crafted attachment URL

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to...

6.3CVSS6.6AI score0.0024EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/05/07 5:58 a.m.5 views

thunderbird: User Interface (UI) Misrepresentation of attachment URL

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the...

6.4CVSS6.5AI score0.0028EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/04/10 5:20 p.m.20 views

CVE-2025-32026

Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used f...

3.8CVSS7AI score0.00143EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/04/08 4:15 p.m.4 views

CVE-2025-32026

Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used f...

3.8CVSS6.5AI score0.00143EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/08 3:22 p.m.14 views

CVE-2025-32026 Element Web could load a malicious instance of Element Call leaking media encryption keys

Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used f...

3.8CVSS0.00143EPSS
Exploits0References1
CVE
CVE
added 2025/04/08 3:22 p.m.52 views

CVE-2025-32026

Element Web (Matrix Web client) versions 1.11.16–1.11.96 expose a vulnerability where, if configured to load Element Call from an external URL, an external page can gain access to media encryption keys used during a call. Root cause: external URL loading creates a trust boundary bypass that leaks...

3.8CVSS7.1AI score0.00143EPSS
Exploits0References1
OSV
OSV
added 2025/04/08 3:22 p.m.4 views

CVE-2025-32026 Element Web could load a malicious instance of Element Call leaking media encryption keys

Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used f...

3.8CVSS6.9AI score0.00143EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/01 12:20 a.m.6 views

CVE-2024-54957

Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without their consent...

6.1CVSS6.7AI score0.00551EPSS
Exploits0References1
OSV
OSV
added 2025/02/27 8:16 p.m.6 views

CVE-2024-54957

Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without their consent...

6.1CVSS5.9AI score0.00551EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/27 12:0 a.m.12 views

CVE-2024-54957

Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without their consent...

0.00551EPSS
Exploits0References2
CVE
CVE
added 2025/02/27 12:0 a.m.42 views

CVE-2024-54957

Nagios XI 2024R1.2.2 is affected by an open redirect on the Tools page. The flaw allows a user with read‑only permissions to craft a link that redirects to an arbitrary external URL without user consent. Root cause not explicitly detailed in the provided documents beyond the open redirect behavio...

6.1CVSS6.7AI score0.00551EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 3:30 a.m.7 views

CVE-2024-45290

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided...

7.7CVSS6.5AI score0.00579EPSS
Exploits1References1
CVE
CVE
added 2024/10/07 8:12 p.m.53 views

CVE-2024-45290

PhpSpreadsheet (PHPSpreadsheet) is affected by CVE-2024-45290 through its XLSX reading flow. When opening an XLSX, the library may pass a URL path to the image-dimension/TYPE check, and with crafted php://filter URLs, an attacker can leak file contents or remote resources. The underlying root cau...

7.7CVSS7.4AI score0.00579EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/09/23 12:0 a.m.6 views

Lobe Chat 代码问题漏洞

Lobe Chat is an open source, high-performance chatbot framework open sourced from LobeHub. A code issue vulnerability exists in Lobe Chat prior to version 1.19.13, which stems from the server-side request forgery protection implemented in src/app/api/proxy/route.ts does not account for redirectio...

9CVSS6.7AI score0.10996EPSS
Exploits4References5
Rows per page
Query Builder