14 matches found
CVE-2026-28415 Gradio has Open Redirect in OAuth Flow
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...
MiracleLinux 8 : systemd-239-40.el8 (AXSA:2021-1218:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1218:01 advisory. systemd: memory leak in button_open in login/logind-button.c when udev events are received CVE-2019-20386 Tenable has extracted the preceding description bloc...
EUVD-2018-11551
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-19877
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field. CVE-2018-19877 Note that Nessus relies on the presence of the package ...
Linux Distros Unpatched Vulnerability : CVE-2019-20386
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur...
PT-2025-1883 · WordPress · Clinked Client Portal
Name of the Vulnerable Software and Affected Versions: Clinked Client Portal plugin for WordPress versions up to, and including, 1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode due to insufficient input sanitization and output...
WordPress plugin Clinked Client Portal cross-site scripting vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...
SUSE CVE-2019-20386
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur...
NetSetMan Pro authorization issue vulnerability
NetSetMan Pro is a commercial version of NetSetMan's Network Setup Manager software. Easily switch between your pre-configured profiles. An authorization issue vulnerability exists in NetSetMan Pro, which originates from an unauthenticated attacker being able to open the Administrator shell and...
DEBIAN-CVE-2019-20386
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur...
UBUNTU-CVE-2018-19877
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field...
CVE-2018-19877
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field...
CVE-2018-15528
Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "selectsso" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?XSS link and then...
Cross site scripting
Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "selectsso" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?XSS link and then...