6453 matches found
CVE-2026-42140
PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...
Gradio 输入验证错误漏洞
Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Prior to version 6.6.0, Gradio had a vulnerability related to input validation. This vulnerability stemmed from the redirecttotarget function in the...
CVE-2026-24847
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Eye Exam form module allows any authenticated user to be redirected to an arbitrary external URL. This can be exploited for phishing attacks against healthcare...
OpenEMR 输入验证错误漏洞
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Prior to OpenEMR 8.0.0, there was a vulnerability related to...
CVE-2026-1298
The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the imagereplacementfromurl function that is hooked to the erifromurl AJAX action. This makes it possible for authenticated...
PT-2026-5061
The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the image replacement from url function that is hooked to the eri from url AJAX action. This makes it possible for...
CVE-2026-22032
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the RelayState parameter is intended to preserve the user's original...
CVE-2021-33331
Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter...
CVE-2024-34074
Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed in 15.26.0 and 14.74.0...
EUVD-2025-202169
JDA Java Discord API downloads external URLs when updating message components...
WordPress plugin Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 代码问题漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...
CVE-2025-62253
Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redire...
CVE-2025-62253
Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redire...
EUVD-2025-34084
Mattermost Desktop App versions = 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL...
CVE-2025-58084
Mattermost Desktop App versions = 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL...
CVE-2025-58084
Mattermost Desktop App up to version 5.13.0 is affected. The issue is due to improper validation of URLs external to configured Mattermost servers, allowing a malicious server to crash the user’s application by sending a malformed external URL. Affected product: Mattermost Desktop App (versions
EUVD-2008-1025
Malware in sbrugna...
EUVD-2021-1169
Malware in sbrugna...
EUVD-2019-7588
Malware in sbrugna...
EUVD-2021-18129
Malware in sbrugna...