
105 matches found

OSSF Malicious Packages
added 2026/06/18 10:28 p.m. · 14 views

Malicious code in runtime-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ac68a991ebaacd1aef772aa462ad53510471f9f4439659a6e685e877aa460e On require, index.js lines 70-77 fetches JSON from https://jsonkeeper.com/b/CI3HT, extracts the .cookie field from the response, and passes it to new...

6.5 AI score
Exploits 0 · References 2
Circl
added 2026/05/29 1:15 a.m. · 8 views

CVE-2026-10057

creationtimestamp | type | source
---|---|---
2026-05-29 01:15:00+00:00 | seen | https://www.twcert.org.tw/en/cp-139-10942-2b78b-2.html...

4.8 CVSS · 5.8 AI score · 0.00176 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2026/05/06 8:13 p.m. · 5 views

CVE-2026-40332

Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...

5.3 CVSS · 5.7 AI score · 0.00328 EPSS
Exploits 0 · References 2 · Affected Software 1
Snyk
added 2026/03/16 9:17 p.m. · 5 views

Cross-site Request Forgery (CSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the groupsroles.php process. An attacker can cause unauthorized deletion, activation, or...

6.8 CVSS · 5.8 AI score · 0.0013 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2026/03/05 8:16 p.m. · 4 views

CVE-2026-28413

Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a url /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...

5.3 CVSS · 5.8 AI score · 0.00227 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2026/03/02 12:0 a.m. · 5 views

PT-2026-22990

Name of the Vulnerable Software and Affected Versions Products.isurlinportal versions prior to 2.1.0 Products.isurlinportal versions prior to 3.1.0 Products.isurlinportal versions prior to 4.0.0 Description A specially crafted URL, such as /login?came from=////evil.example, could redirect a user ...

5.3 CVSS · 5.8 AI score · 0.00227 EPSS
Exploits 0 · References 6
CVE
added 2026/02/19 2:58 p.m. · 18 views

CVE-2025-71244

SPIP ≤ 4.4.5 (and 4.3.9) is affected by an Open Redirect via the login form when used in AJAX mode. A malicious URL can cause a logged-in victim to be redirected to an arbitrary external site after login if the login page has been overridden to function in AJAX mode; it is not mitigated by the SP...

6.1 CVSS · 5.7 AI score · 0.00196 EPSS
Exploits 0 · References 3 · Affected Software 1
RedhatCVE
added 2026/01/09 10:19 a.m. · 6 views

CVE-2019-18781

An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site...

6.1 CVSS · 6.7 AI score · 0.01843 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/01/09 9:17 a.m. · 4 views

CVE-2025-23363

A vulnerability has been identified in Teamcenter V14.1 All versions, Teamcenter V14.2 All versions, Teamcenter V14.3 All versions V14.3.0.14, Teamcenter V2312 All versions V2312.0010, Teamcenter V2406 All versions V2406.0008, Teamcenter V2412 All versions V2412.0004. The SSO login service of...

7.4 CVSS · 7.2 AI score · 0.00518 EPSS
Exploits 0 · References 1
CVE
added 2025/12/03 5:0 p.m. · 15 views

CVE-2025-20382

CVE-2025-20382 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power role) can create a views dashboard with a custom background via the data:image/png;base64 protocol, potentially causing an unvalidated redirect. This bypasses the external URL warning mechan...

5.4 CVSS · 6.3 AI score · 0.0019 EPSS
Exploits 0 · References 1 · Affected Software 2
Circl
added 2025/10/22 4:33 a.m. · 12 views

CVE-2025-53072

creationtimestamp | type | source
---|---|---
2025-10-22 04:33:55+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3m3qzdj5an22i
2025-10-22 07:21:45+00:00 | seen | https://poliverso.org/objects/0477a01e-736b48f2-6409a361f7d72e52
2025-10-22 07:25:50+00:00 | seen | ...

9.8 CVSS · 7.6 AI score · 0.00652 EPSS
Exploits 3 · References 10
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2020-20636

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.00905 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 21 views

EUVD-2021-1904

Malware in sbrugna...

6.9 CVSS · 6.8 AI score · 0.01198 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-8490

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.01843 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-31745

Malicious code in bioql PyPI...

6.1 CVSS · 6.4 AI score · 0.00318 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-8736

Malicious code in bioql PyPI...

5.1 CVSS · 6.6 AI score · 0.0019 EPSS
Exploits 0 · References 2
CNNVD
added 2025/08/20 12:0 a.m. · 2 views

OnboardLite input validation error vulnerability

OnboardLite is an open source application from Hack@UCF. A security vulnerability exists in OnboardLite that stems from a specially crafted link that could result in a redirection to a malicious external site...

5.1 CVSS · 6.6 AI score · 0.00296 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/08/20 12:0 a.m. · 12 views

PT-2025-34076 · Unknown · Onboardlite

Name of the Vulnerable Software and Affected Versions: OnboardLite versions with commit hash 6cca19e or later Description: An attacker can manipulate a link to the trusted application, redirecting users to a malicious external site upon access. This enables phishing, credential theft, malware...

5.1 CVSS · 6 AI score · 0.00296 EPSS
Exploits 0 · References 5
Vulnrichment
added 2025/08/15 4:10 p.m. · 5 views

CVE-2025-8066 Bunker Web 1.6.2 - Uncontrolled external site redirect

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Bunkerity Bunker Web on Linux allows Phishing. This issue affects Bunker Web: 1.6.2...

4.8 CVSS · 7.1 AI score · 0.00402 EPSS
Exploits 0 · References 3
Veracode
added 2025/07/09 5:38 a.m. · 6 views

Open Redirect

better-auth is vulnerable to open redirect. The vulnerability is due to improper validation of user-supplied URLs in the originCheck middleware, which allows an attacker to redirect users to arbitrary external sites via crafted requests to routes such as /verify-email, /reset-password/:token,...

5.3 CVSS · 6.3 AI score · 0.00334 EPSS
Exploits 0 · References 3 · Affected Software 1