104 matches found
CVE-2026-10057
creationtimestamp | type | source
---|---|---
2026-05-29 01:15:00+00:00 | seen | https://www.twcert.org.tw/en/cp-139-10942-2b78b-2.html...
CVE-2026-40332
Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...
Cross-site Request Forgery (CSRF)
Overview: admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the groupsroles.php process. An attacker can cause unauthorized deletion, activation, or...
CVE-2026-28413
Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a URL such as /login?came_from=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...
PT-2026-22990
Name of the Vulnerable Software and Affected Versions: Products.isurlinportal versions prior to 2.1.0; Products.isurlinportal versions prior to 3.1.0; Products.isurlinportal versions prior to 4.0.0. Description: A specially crafted URL, such as /login?came_from=////evil.example, could redirect a user ...
CVE-2025-71244
SPIP ≤ 4.4.5 (and 4.3.9) is affected by an Open Redirect via the login form when used in AJAX mode. A malicious URL can cause a logged-in victim to be redirected to an arbitrary external site after login if the login page has been overridden to function in AJAX mode; it is not mitigated by the SP...
CVE-2019-18781
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site...
CVE-2025-23363
A vulnerability has been identified in Teamcenter V14.1 All versions, Teamcenter V14.2 All versions, Teamcenter V14.3 All versions V14.3.0.14, Teamcenter V2312 All versions V2312.0010, Teamcenter V2406 All versions V2406.0008, Teamcenter V2412 All versions V2412.0004. The SSO login service of...
CVE-2025-20382
CVE-2025-20382 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power role) can create a views dashboard with a custom background via the data:image/png;base64 protocol, potentially causing an unvalidated redirect. This bypasses the external URL warning mechan...
CVE-2025-53072
creationtimestamp | type | source
---|---|---
2025-10-22 04:33:55+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3m3qzdj5an22i
2025-10-22 07:21:45+00:00 | seen | https://poliverso.org/objects/0477a01e-736b48f2-6409a361f7d72e52
2025-10-22 07:25:50+00:00 | seen | ...
EUVD-2020-20636
Malware in sbrugna...
EUVD-2019-8490
Malware in sbrugna...
EUVD-2021-1904
Malware in sbrugna...
EUVD-2023-31745
Malicious code in bioql PyPI...
EUVD-2025-8736
Malicious code in bioql PyPI...
PT-2025-34076 · Unknown · Onboardlite
Name of the Vulnerable Software and Affected Versions: OnboardLite versions with commit hash 6cca19e or later Description: An attacker can manipulate a link to the trusted application, redirecting users to a malicious external site upon access. This enables phishing, credential theft, malware...
OnboardLite Input Validation Error Vulnerability
OnboardLite is an open source application from Hack@UCF. A security vulnerability exists in OnboardLite that stems from a specially crafted link that could result in a redirection to a malicious external site...
CVE-2025-8066 Bunker Web 1.6.2 - Uncontrolled external site redirect
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing. This issue affects Bunker Web: 1.6.2...
Open Redirect
better-auth is vulnerable to open redirect. The vulnerability is due to improper validation of user-supplied URLs in the originCheck middleware, which allows an attacker to redirect users to arbitrary external sites via crafted requests to routes such as /verify-email, /reset-password/:token,...
CVE-2024-4187
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites...