28 matches found

EUVD · added 2026/04/13 9:30 p.m.

EUVD-2026-22043

Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the returnto parameter. Attackers can craft malicious login URLs with unvalidated returnto values to conduct phishing attacks and steal user credentials...

CVSS 7.1 · AI score 5.9 · EPSS 0.00012
Exploits: 1 · References: 3

CNNVD · added 2026/03/19 12:00 a.m.

SuiteCRM input validation error vulnerability

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. SuiteCRM versions prior to 7.15.1 and 8.9.3 have an input validation vulnerability, stemming from an unvalidated redirect in the WebToLead capture function, which could le...

CVSS 6.1 · AI score 5.8 · EPSS 0.00013
Exploits: 0 · References: 2

Vulnrichment · added 2026/03/02 1:24 p.m.

CVE-2026-1628 Mattermost allows external websites to open within the app, exposing preload functionality to non-trusted sites.

Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app, which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server...

CVSS 4.6 · AI score 5.9 · EPSS 0.00039
Exploits: 0 · References: 1

RedhatCVE · added 2026/01/29 9:21 p.m.

CVE-2026-24768

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB's login flow due to missing validation of the continueAfterSignIn parameter. During authentication, NocoDB processes a user-controlled redirect...

CVSS 7.1 · AI score 6.4 · EPSS 0.00019
Exploits: 1 · References: 1

Veracode · added 2025/12/17 7:07 a.m.

Unvalidated Redirect

NocoDB is vulnerable to an unvalidated redirect. The vulnerability is due to missing validation of the user-controlled continueAfterSignIn parameter in the login flow, which allows an attacker to redirect authenticated users to arbitrary external websites after login...

CVSS 7.1 · AI score 5.7 · EPSS 0.00019
Exploits: 1 · References: 3 · Affected Software: 1

EUVD · added 2025/10/03 8:07 p.m.

EUVD-2023-1470

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.7 · EPSS 0.00327
Exploits: 0 · References: 11

Snyk · added 2025/03/11 8:31 p.m.

Cross-site Scripting (XSS)

Overview: froxlor/froxlor is server administration software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the domain field in the email creation form, which can be used to redirect users to malicious external websites. Details: Cross-site scripting, or XSS, is a code...

CVSS 5.5 · AI score 5.3 · EPSS 0.00171
Exploits: 1 · References: 2

NVD · added 2025/01/06 4:15 p.m.

CVE-2024-51112

Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script...

CVSS 6.1 · EPSS 0.00379
Exploits: 2 · References: 2

Vulnrichment · added 2025/01/06 12:00 a.m.

CVE-2024-51112

Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script...

AI score 6.8 · EPSS 0.00379
Exploits: 2 · References: 2

Veracode · added 2024/05/27 4:03 a.m.

Cross-Site Request Forgery (CSRF)

silverstripe/framework is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to a lack of proper CSRF token verification in gridFieldAlterAction submissions, which allows attackers to trick users with CMS access into posting unspecified data from external websites...

AI score 7.1
Exploits: 0

Github Security Blog · added 2024/05/23 7:19 p.m.

Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter

GridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS...

AI score 7.1
Exploits: 0 · References: 6 · Affected Software: 1

Veracode · added 2024/05/22 5:03 a.m.

Open Redirection

OroPlatform is vulnerable to Open Redirection. The vulnerability is due to improper validation of URLs, allowing attackers to redirect users to external websites...

AI score 7
Exploits: 0

Veracode · added 2024/05/22 4:52 a.m.

Open Redirect

OroCRM is vulnerable to Open Redirect. The vulnerability is due to improper validation of URLs, allowing attackers to redirect users to external websites...

AI score 7
Exploits: 0

Veracode · added 2024/03/26 11:21 a.m.

Cross-Site Request Forgery (CSRF)

gradio is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to inadequate Cross-Origin Resource Sharing (CORS) validation, which allows external websites to make requests to gradio applications running locally...

CVSS 4.3 · AI score 6.8 · EPSS 0.00151
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies · added 2023/06/16 12:00 a.m.

PT-2023-21428 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost, affected versions not specified. Description: The issue allows an attacker to cause a denial of service by linking to a specially crafted webpage in a message, due to the failure to validate links on external websites when...

CVSS 6.5 · AI score 6.2 · EPSS 0.00302
Exploits: 0 · References: 6

Prion · added 2023/05/09 2:15 p.m.

Open redirect

Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an...

CVSS 4.9 · AI score 5.5 · EPSS 0.00327
Exploits: 0 · References: 6 · Affected Software: 1

HackRead · added 2022/08/22 7:36 p.m.

TikTok’s In-App Browser Can Monitor Your Activity on External Websites

By Deeba Ahmed. Other iPhone apps using in-app browsers were also tested in the research, but TikTok was the only app to monitor keystrokes. This is a post from HackRead.com. Read the original post: TikTok's In-App Browser Can Monitor Your Activity on External Websites...

AI score 3.7
Exploits: 0

Cvelist · added 2020/07/14 7:25 p.m.

CVE-2019-12784

An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and...

AI score 6.8 · EPSS 0.00227
Exploits: 2 · References: 2

Hacker One · added 2020/01/10 3:26 p.m.

Clario: Open redirect on https://account.mackeeper.com

Summary: An attacker can redirect a user to any external website using the vulnerable "continue" parameter in https://account.mackeeper.com/auth/fb. Steps To Reproduce: 1. Visit the following URL: https://account.mackeeper.com/auth/fb?continue=https://google.com 2. Login 3. This will...

AI score 0.4
Exploits: 0

Hacker One · added 2019/06/18 3:53 p.m.

ZEIT: Open redirection in https://zeit.co/login?next=

You have an open redirection bug in https://zeit.co/login?next= . Now I want to redirect the victim to https://www.google.com : https://zeit.co/login?next=\www.google.com . Done!! It will be redirected. F511594 Impact: redirect the victims to any page, and it can be an XSS bug...

AI score 0.3
Exploits: 0
