Lucene search
K

6453 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/04 5:37 p.m.7 views

CVE-2026-42140

PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...

4.4CVSS5.8AI score0.00151EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.8 views

Gradio 输入验证错误漏洞

Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Prior to version 6.6.0, Gradio had a vulnerability related to input validation. This vulnerability stemmed from the redirecttotarget function in the...

4.7CVSS5.8AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.7 views

CVE-2026-24847

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Eye Exam form module allows any authenticated user to be redirected to an arbitrary external URL. This can be exploited for phishing attacks against healthcare...

6.1CVSS5.6AI score0.00176EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.11 views

OpenEMR 输入验证错误漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Prior to OpenEMR 8.0.0, there was a vulnerability related to...

6.1CVSS5.9AI score0.00176EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/28 5:30 a.m.7 views

CVE-2026-1298

The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the imagereplacementfromurl function that is hooked to the erifromurl AJAX action. This makes it possible for authenticated...

5.3CVSS5.9AI score0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.15 views

PT-2026-5061

The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the image replacement from url function that is hooked to the eri from url AJAX action. This makes it possible for...

5.3CVSS5.9AI score0.00254EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/10 5:40 a.m.6 views

CVE-2026-22032

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the RelayState parameter is intended to preserve the user's original...

6.1CVSS7.6AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.7 views

CVE-2021-33331

Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter...

6.1CVSS7.1AI score0.00977EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:5 a.m.9 views

CVE-2024-34074

Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed in 15.26.0 and 14.74.0...

6.1CVSS6.7AI score0.00574EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 5:23 p.m.5 views

EUVD-2025-202169

JDA Java Discord API downloads external URLs when updating message components...

6.4AI score
Exploits0References3
CNNVD
CNNVD
added 2025/11/01 12:0 a.m.6 views

WordPress plugin Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 代码问题漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

9.8CVSS8AI score0.00975EPSS
Exploits0References4
OSV
OSV
added 2025/10/27 7:16 p.m.3 views

CVE-2025-62253

Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redire...

6.1CVSS7AI score0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/27 6:54 p.m.2 views

CVE-2025-62253

Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redire...

6.9CVSS6.7AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/13 9:31 p.m.6 views

EUVD-2025-34084

Mattermost Desktop App versions = 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL...

3.5CVSS6.4AI score0.00276EPSS
Exploits0References2
NVD
NVD
added 2025/10/13 8:15 p.m.6 views

CVE-2025-58084

Mattermost Desktop App versions = 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL...

6.5CVSS0.00276EPSS
Exploits0References1
CVE
CVE
added 2025/10/13 7:57 p.m.15 views

CVE-2025-58084

Mattermost Desktop App up to version 5.13.0 is affected. The issue is due to improper validation of URLs external to configured Mattermost servers, allowing a malicious server to crash the user’s application by sending a malformed external URL. Affected product: Mattermost Desktop App (versions

6.5CVSS6.5AI score0.00276EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-1025

Malware in sbrugna...

4.3CVSS6.3AI score0.02337EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-1169

Malware in sbrugna...

6.1CVSS6.1AI score0.045EPSS
Exploits5References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-7588

Malware in sbrugna...

6.5CVSS6.5AI score0.00964EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-18129

Malware in sbrugna...

8.1CVSS8.1AI score0.00724EPSS
Exploits0References3
Rows per page
Query Builder