6474 matches found
Musicbox WordPress - Reflected XSS
contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13327 info:...
CVE-2026-44745
SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results...
EUVD-2026-43585
SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results...
CVE-2026-58489
HedgeDoc is an open source, real-time collaborative markdown notes application. Prior to 1.11.0, the GitHub Gist export flow created an OAuth2 state value but only checked that it was present rather than validating it against the value expected for the user's session. Because the state was not...
CVE-2026-57793
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Flow flow allows PHP Local File Inclusion.This issue affects Flow: from n/a through = 1.8...
CVE-2026-57793 WordPress Flow theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Flow flow allows PHP Local File Inclusion.This issue affects Flow: from n/a through = 1.8...
CVE-2026-57793
CVE-2026-57793 affects the Flow WordPress theme by Elated-Themes. The issue is an improper filename control in Include/Require statements, resulting in a PHP Local File Inclusion (LFI). Affected versions are Flow:
PT-2026-57920
Name of the Vulnerable Software and Affected Versions HedgeDoc versions prior to 1.11.0 Description The GitHub Gist export flow fails to properly validate the OAuth2 state value, checking only for its presence instead of verifying it against the user session. This allows an attacker to forge a...
CVE-2026-10664 Out-of-bounds write in nRF70 Wi-Fi driver power-save event handler (unbounded TWT flow count)
The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...
Open Redirect
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Open Redirect via the redirect-intended process. An attacker can redirect users to arbitrary external websites by manipulating the Referer header during the user edit flow...
CVE-2026-55659
Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...
CVE-2026-12761 miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.7.0 - Unauthenticated Authentication Bypass to Administrator Account Takeover via Profile Completion OTP Flow
The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow accepting an arbitrary email address via the...
CVE-2026-12761
Summary (CVE-2026-12761) The miniOrange Social Login and Register plugin for WordPress is vulnerable through the Profile Completion OTP flow in versions up to and including 7.7.0. The flow accepts an arbitrary email via the email_field POST parameter and does not verify that the email belongs to ...
CVE-2026-55479
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...
CVE-2026-55461 Snipe-IT: Open Redirect After User Edit
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url-previous from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect-intended... when redirectoption=back is submitted, allowing Snipe-IT to be used a...
CVE-2026-55461
Snipe-IT (IT asset/license management) versions prior to 8.6.2 are vulnerable: the user edit flow stores url()->previous() from the attacker-controlled Referer header into Laravel’s intended URL session value and subsequently uses redirect()->intended(...) when redirect_option=back is submi...
EUVD-2026-42998
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...
CVE-2026-59151 Prowler: SAML Domain Claiming Enables Cross-Tenant Account Takeover
Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...
CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)
ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...
CVE-2026-55672
Summary (concrete details) : The CVE concerns Zitadel, an open-source identity management platform. The vulnerability occurs in the OAuth2/OIDC CodeExchange and RefreshToken flows (and related device token flow) where verification that the requesting client matches the originally authorized clien...