Lucene search
K

17 matches found

Cvelist
Cvelist
added 2026/04/17 8:49 p.m.26 views

CVE-2026-40299 next-intl has an open redirect vulnerability

next-intl provides internationalization for Next.js. Applications using the next-intl middleware prior to version 4.9.1with localePrefix: 'as-needed' could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host e.g. scheme-relative // or...

6.9CVSS0.00339EPSS
Exploits0References4
OSV
OSV
added 2026/04/10 9:3 p.m.3 views

GHSA-8F24-V5VV-GM5J next-intl has an open redirect vulnerability

Impact Applications using the next-intl middleware with localePrefix: 'as-needed' could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host e.g. scheme-relative // or control characters stripped by the URL parser, so the middleware coul...

6.9CVSS5.8AI score0.00339EPSS
Exploits0References6
CVE
CVE
added 2026/03/22 11:24 p.m.10 views

CVE-2026-2580

The CVE-2026-2580 entry concerns the WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters WordPress plugin (up to v4.9.1). The root cause is insufficient escaping and insufficient preparation of an SQL query, enabling time-based SQL Injection via the ‘orderby’...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/01/27 12:26 a.m.6 views

SUSE CVE-2026-23511

ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames an...

5.3CVSS5.8AI score0.00362EPSS
Exploits0References2
NVD
NVD
added 2026/01/15 8:16 p.m.7 views

CVE-2026-23511

ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames an...

5.3CVSS0.00362EPSS
Exploits0References5
CVE
CVE
added 2026/01/15 7:9 p.m.12 views

CVE-2026-23511

CVE-2026-23511 affects Zitadel, an open source identity management platform. A user enumeration flaw in login interfaces allows an unauthenticated attacker to verify the existence of valid user accounts by iterating through usernames and userIDs. The issue is present in multiple versions prior to...

5.3CVSS6.5AI score0.00362EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.6 views

ZITADEL security vulnerabilities

ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed for the era of containers and serverless environments by ZITADEL in Switzerland. Versions of ZITADEL prior to 4.9.1 and 3.4.6 contain security vulnerabilities. These vulnerabilities stem from...

5.3CVSS5.8AI score0.00362EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.5 views

PT-2025-51434

Name of the Vulnerable Software and Affected Versions Syed Balkhi All In One SEO Pack versions through 4.9.1 Description A flaw exists in Syed Balkhi All In One SEO Pack that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. Recommendations...

8.5CVSS7.5AI score0.00253EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/03/14 2:57 a.m.3 views

SUSE CVE-2025-24016

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and...

9.9CVSS8.2AI score0.93027EPSS
Exploits10References2
OSV
OSV
added 2024/06/21 11:8 a.m.4 views

OESA-2024-1750 python-lxml security update

The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. \ It is unique in that it combines the speed and XML feature completeness of these libraries with \ the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. \ The...

9.1CVSS6.8AI score0.00532EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/07 12:0 a.m.4 views

PT-2024-27514

Name of the Vulnerable Software and Affected Versions lxml versions prior to 4.9.1 Description An XML External Entity XXE vulnerability in the ebookmeta.get metadata function allows attackers to access sensitive information or cause a Denial of Service DoS via crafted XML input. Recommendations F...

9.1CVSS7.2AI score0.00532EPSS
Exploits0References17
vulnersOsv
vulnersOsv
added 2023/06/19 7:46 p.m.17 views

4337-snap (>=0.1.0 <=0.1.1), @0xabcdefg/smart-order-router (>=1.0.0 <=1.0.5) +1222 more potentially affected by CVE-2023-34459 via @openzeppelin/contracts (>=4.7.0 <=4.9.1)

@openzeppelin/contracts NPM version =4.7.0, =0.1.0, =1.0.0, =1.0.0, =3.24.7, =1.7.2, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2023-34459 Source advisory: OSV:GHSA-WPRV-93R4-JJ2P...

5.9CVSS6.2AI score0.00371EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/06/03 12:0 a.m.11 views

PT-2023-18813 · Vcita · Contact Form Builder

Name of the Vulnerable Software and Affected Versions: Contact Form Builder by vcita plugin for WordPress versions up to, and including, 4.9.1 Description: The issue is related to Stored Cross-Site Scripting via the email parameter due to insufficient input sanitization and output escaping. This...

6.4CVSS5.8AI score0.0051EPSS
Exploits1References8
OSV
OSV
added 2020/04/16 7:15 p.m.3 views

CVE-2020-7484

VERSION NOT SUPPORTED WHEN ASSIGNED A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediate...

7.5CVSS7.1AI score0.013EPSS
Exploits0References2
CNVD
CNVD
added 2018/12/26 12:0 a.m.5 views

Telegram Web and Telegram for Android Server-Side Request Forgery Vulnerability

Telegram for Android is an instant messaging application based on the Android platform.Telegram Web is its web version. A server-side request forgery vulnerability exists in the 'secret chat' feature in Telegram version 4.9.1 and Telegram Web version 0.7.0 for the Android-based platform. No...

8.1CVSS7AI score0.01554EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2018/01/16 7:29 p.m.3 views

CVE-2016-0207

IBM Algorithmics One-Algo Risk Application ARA 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399...

5.4CVSS5.6AI score0.00644EPSS
Exploits0References3
OSV
OSV
added 2017/03/20 4:59 p.m.5 views

CVE-2017-1155

IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference : 1999754...

4.3CVSS5.8AI score0.01284EPSS
Exploits0References2
Rows per page
Query Builder