Lucene search
K

6240 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.7 views

CVE-2026-44889

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1CVSS0.00161EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 10:16 p.m.4 views

UBUNTU-CVE-2026-44889

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1CVSS5.8AI score0.00161EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 9:30 p.m.26 views

CVE-2026-44889 WebOb: Location header normalization during redirect leads to open redirect

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:30 p.m.53 views

CVE-2026-44889

WebOb (HTTP request/response utilities) is affected prior to version 1.8.10 by an open redirect in Location header normalization during redirects. The vulnerability arises from how WebOb uses urljoin/urlsplit to combine the redirect target with the request URL; since Python 3.10, urlsplit strips ...

6.1CVSS5.9AI score0.00161EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 9:30 p.m.6 views

CVE-2026-44889

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1CVSS5.9AI score0.00161EPSS
Exploits0
OSV
OSV
added 2026/06/22 5:18 p.m.3 views

MINI-JCF7-QX3R-37XV

Bulletin has no description...

10CVSS5.7AI score0.0044EPSS
Exploits0
OSV
OSV
added 2026/06/22 5:18 p.m.4 views

MINI-WGWP-RM9G-7P57

Bulletin has no description...

7.5CVSS5.7AI score0.00415EPSS
Exploits0
OSV
OSV
added 2026/06/22 5:17 p.m.3 views

MINI-37FM-78JH-R7H5

Bulletin has no description...

9.1CVSS5.7AI score0.00487EPSS
Exploits0
OSV
OSV
added 2026/06/22 5:17 p.m.3 views

MINI-544W-VRMV-G3FR

Bulletin has no description...

9.6CVSS5.7AI score0.00478EPSS
Exploits0
OSV
OSV
added 2026/06/22 5:17 p.m.4 views

MINI-J7FC-23XH-PGR2

Bulletin has no description...

9.1CVSS5.7AI score0.00487EPSS
Exploits0
OSV
OSV
added 2026/06/22 5:17 p.m.3 views

MINI-C47P-FJ2X-WW4X

Bulletin has no description...

7.5CVSS5.7AI score0.00394EPSS
Exploits0
OSV
OSV
added 2026/06/22 12:43 p.m.5 views

MINI-73G2-8V54-Q3HG

Bulletin has no description...

7.5CVSS5.7AI score0.00415EPSS
Exploits0
OSV
OSV
added 2026/06/22 11:38 a.m.3 views

MINI-VHWW-P47X-Q2M6

Bulletin has no description...

5.3CVSS5.8AI score0.00141EPSS
Exploits0
OSV
OSV
added 2026/06/21 8:27 p.m.4 views

MINI-XV3W-625M-FCXX

Bulletin has no description...

7.5CVSS5.8AI score0.00459EPSS
Exploits2
OSV
OSV
added 2026/06/21 1:23 p.m.3 views

MINI-CHJ3-J2MJ-CQ7Q

Bulletin has no description...

7.5CVSS6.7AI score0.00651EPSS
Exploits0
OSV
OSV
added 2026/06/21 10:44 a.m.5 views

MINI-F8CH-HP76-WW77

Bulletin has no description...

7.5CVSS5.8AI score0.00728EPSS
Exploits0
OSV
OSV
added 2026/06/20 4:9 p.m.5 views

MINI-PQP6-82RJ-WF49

Bulletin has no description...

5.5CVSS5.7AI score0.00317EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.30 views

CVE-2026-56218 Capgo - EXIF Metadata Exposure via Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time...

6.9CVSS0.00205EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 3:24 p.m.22 views

CVE-2026-56218

Capgo prior to 12.128.2 does not strip EXIF metadata (including GPS coordinates) from uploaded images, enabling disclosure of users’ precise location. Attackers can download images and extract coordinates at capture time. Remediation: upgrade Capgo to version 12.128.2 or later.

6.9CVSS5.8AI score0.00205EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 4:18 p.m.6 views

MINI-4MH4-25J3-4349

Bulletin has no description...

6.9CVSS5.7AI score0.00223EPSS
Exploits0
Rows per page
Query Builder