Lucene search
K

255 matches found

NVD
NVD
added 2026/06/30 10:16 p.m.11 views

CVE-2026-58450

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS0.00176EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 9:7 p.m.14 views

CVE-2026-58450

Invoice Ninja 5.13.26 contains an open redirect in the client portal login. An unauthenticated attacker can craft a login link with a malicious external URL in the intended parameter, which is stored in the user session without host validation and emitted verbatim via a bare redirect in ContactLo...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 11:16 p.m.18 views

CVE-2026-42846

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...

9.8CVSS0.00603EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 10:49 p.m.79 views

EUVD-2026-36367

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...

9.8CVSS5.7AI score0.00603EPSS
Exploits0References1
Circl
Circl
added 2026/06/11 10:19 p.m.7 views

CVE-2026-45175

creationtimestamp| type| source ---|---|--- 2026-06-11 22:19:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo2b2ibw7o23...

8.5CVSS5.3AI score0.00128EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.11 views

CVE-2026-28301

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS5.5AI score0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 5:15 p.m.16 views

CVE-2026-20256

Splunk Enterprise (versions < 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (versions

5.7CVSS5.4AI score0.00252EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.32 views

Linux Distros Unpatched Vulnerability : CVE-2026-41854

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a...

6.5CVSS5.4AI score0.00123EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.11 views

CVE-2026-28301

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS0.0021EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:9 p.m.11 views

Malicious code in @0xlr/sentry-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cda998358d5cfe20dc0c060f7e212e44ee41e6f369f42c15badbfdd7b796744 On npm install, this package automatically executes postinstall.js, which enumerates the entire process.env every environment variable, including CI...

5.5AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:41 p.m.32 views

CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS0.0021EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 3:41 p.m.38 views

CVE-2026-28301

Technical specifics (affected products, versions, root cause, exploitability, mitigations) are not provided in the connected documents. Monitor for updates.

4.8CVSS5.5AI score0.0021EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 5:16 a.m.15 views

CVE-2026-41854

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery SSRF attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

6.5CVSS0.00123EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 5:16 a.m.8 views

UBUNTU-CVE-2026-41854

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery SSRF attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

6.5CVSS5.5AI score0.00123EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 3:51 a.m.57 views

CVE-2026-41854

The CVE affects Spring Framework 7.0.0–7.0.7 and 6.2.0–6.2.18, where incorrect host parsing in UriComponentsBuilder may allow a server-side request forgery (SSRF) when parsing an externally provided URL string. The vulnerability is described as an SSRF condition resulting from this parsing flaw. ...

6.5CVSS5.5AI score0.00123EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.10 views

CVE-2026-43986

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...

9.9CVSS5.6AI score0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 2:33 p.m.36 views

CVE-2026-43986 Tautulli vulnerable to unauthenticated SSRF in /image/<hash> via attacker-seeded image hash replay

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...

9.9CVSS0.00262EPSS
Exploits0References2
Circl
Circl
added 2026/05/29 10:28 p.m.16 views

CVE-2026-10107

creationtimestamp| type| source ---|---|--- 2026-05-29 22:28:33+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mmzlicfzir2o 2026-05-30 20:01:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn3tqyigao2p...

7.7CVSS5.8AI score0.0025EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

flowintel 安全漏洞

Flowintel is an open-source security analyst case and task management platform developed by flowintel. Versions of FlowIntel 3.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the external reference URL detection function in the app/case/task.py file, which has a...

6.2CVSS5.8AI score0.00232EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 1:22 p.m.11 views

Malicious code in ihubinternal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d05496a74a52542f8bf237430ae41377eb71e3710b41abfcc1f7b5cf3642885 The package exports a VelocityAuth function that, when called by integrating applications, sends end-user Solana wallet public keys, signed...

5.8AI score
Exploits0References1
Rows per page
Query Builder