Lucene search
K

203 matches found

Nuclei
Nuclei
added 6 hours ago14 views

Musicbox WordPress - Reflected XSS

contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13327 info:...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
NVD
NVD
added 12 hours ago6 views

CVE-2026-44745

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results...

8.1CVSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42921

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS6.1AI score0.00359EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 7:1 p.m.4 views

GHSA-8W27-C4VC-88Q9 Concourse login flow has an open redirect issue

Impact An attacker is able to craft and send a user a URL that will redirect the user from the Concourse web server to any other site. This could be used in a phishing attack to steal user's credentials. Patches This has been fixed in 8.2.3 Workarounds None. Exploit Vulnerable code was in:...

5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-55209

Name of the Vulnerable Software and Affected Versions Concourse versions prior to 8.2.3 Description An open redirect issue exists in the login flow. An attacker can craft a URL that redirects users from the Concourse web server to an external site, which could be utilized in phishing attacks to...

5.9AI score
Exploits0References6
NVD
NVD
added 2026/06/25 11:17 p.m.10 views

CVE-2026-40082

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

5.4CVSS0.00183EPSS
Exploits1References3
OSV
OSV
added 2026/06/25 11:17 p.m.3 views

DEBIAN-CVE-2026-40082

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

5.4CVSS5.8AI score0.00183EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 10:33 p.m.8 views

CVE-2026-40082

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

5.4CVSS5.8AI score0.00183EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 10:33 p.m.6 views

CVE-2026-40082

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

5.4CVSS5.8AI score0.00183EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.22 views

PT-2026-52625

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software is subject to Session Fixation because the session regenerate id function is not called after a successful login. In th...

5.4CVSS5.8AI score0.00183EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/06/23 4:42 p.m.9 views

Gogs has an Open Redirect via redirect_to

Summary An open redirect vulnerability exists in Gogs where attacker-controlled redirectto parameters can bypass validation, allowing redirection to arbitrary external sites. Details All redirects in Gogs that are validated via the IsSameSite function are vulnerable: go func IsSameSiteurl string...

5.4CVSS5.9AI score0.00554EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/10 6:49 p.m.14 views

nebula-mesh: Session and OIDC state cookies lack the Secure attribute

internal/web/session.go and internal/web/oidc.go set HttpOnly and SameSite=Lax on every cookie but never Secure. A single plaintext request to the origin operator on a LAN, mistyped URL, HTTP→HTTPS not strictly enforced, reverse proxy misconfiguration discloses the session. Affected All released...

5.6AI score0.00031EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/10 4:17 p.m.10 views

CVE-2026-45566

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://request.hostnexturl and the JS client redirects via...

6.1CVSS0.00153EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48458

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://request.hostnext url and the JS client redirects via...

6.1CVSS5.5AI score0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48541

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.2 Description Cookies in internal/web/session.go and internal/web/oidc.go are configured with HttpOnly and SameSite=Lax but lack the Secure attribute. This allows a session to be disclosed if a plaintext reque...

8.2CVSS5.9AI score0.00031EPSS
Exploits0References5
Jenkins Security Advisories
Jenkins Security Advisories
added 2026/06/10 12:0 a.m.7 views

Open redirect vulnerability

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines whether a URL is safe to redirect to in the default login flow: A URL containing relative path segments ./ or ../ is validated before the servlet container collapses those segments into a protocol-relative URL starting with...

7.4CVSS5.2AI score0.00364EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2026/06/10 12:0 a.m.6 views

Open redirect vulnerability

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines whether a URL is safe to redirect to in the default login flow: A URL containing relative path segments ./ or ../ is validated before the servlet container collapses those segments into a protocol-relative URL starting with...

7.4CVSS5.2AI score0.00364EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-45410

TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before...

5.3CVSS5.5AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-23818

A vulnerability has been identified in the graphical user interface GUI of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an...

9.6CVSS5.7AI score0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46850

Summary There is a Proof of Concept which is able to enumerate the usernames of administrator users. This was possible by performing a timing attack. Details The faulty code exists in src/Core/Framework/Api/OAuth/UserRepository.php: public function getUserEntityByUserCredentials string $username,...

3.7CVSS5.8AI score
Exploits0References5
Rows per page
Query Builder