Lucene search

18 matches found

RedhatCVE
added 2026/06/06 6:43 p.m. · 11 views

CVE-2026-5415

The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajax_run_tool AJAX handler relying solely on a nonce check...

CVSS 8.8 · AI score 5.7 · EPSS 0.00393
Exploits: 1 · References: 1
EUVD
added 2026/06/05 6:31 p.m. · 10 views

EUVD-2026-34888

The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajax_run_tool AJAX handler relying solely on a nonce check...

CVSS 8.8 · AI score 5.7 · EPSS 0.00393
Exploits: 1 · References: 2
Cvelist
added 2026/06/05 6:31 p.m. · 28 views

CVE-2026-5415 WP Captcha PRO <= 5.38 - Authenticated (Subscriber+) Authentication Bypass via Temporary Login Link

The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajax_run_tool AJAX handler relying solely on a nonce check...

CVSS 8.8 · EPSS 0.00393
Exploits: 1 · References: 2
Positive Technologies
added 2026/06/05 12:0 a.m. · 14 views

PT-2026-47033

Name of the Vulnerable Software and Affected Versions: WP Captcha PRO versions prior to 5.39 Description: An authentication bypass exists due to the ajax_run_tool AJAX handler relying only on a nonce check via check_ajax_referer without performing capability checks. This is combined with the create...

CVSS 8.8 · AI score 5.7 · EPSS 0.00393
Exploits: 1 · References: 8
EUVD
added 2026/05/22 3:24 p.m. · 14 views

EUVD-2026-31459

Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects: Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...

CVSS 5 · AI score 5.8 · EPSS 0.00169
Exploits: 0 · References: 1
Positive Technologies
added 2026/04/21 12:0 a.m. · 15 views

PT-2026-34057

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface passes the raw $_SERVER['REQUEST_URI'] to Twig as a global template variable and renders it inside a JavaScript string literal in the setLang helper of base.twig,...

CVSS 2.1 · AI score 5.8 · EPSS 0.00805
Exploits: 0 · References: 2
CVE
added 2026/04/13 6:10 p.m. · 13 views

CVE-2026-40039

CVE-2026-40039 concerns Pachno 1.0.6. The issue is an open redirection in the login flow caused by unvalidated return_to values, enabling attackers to craft links that redirect users to arbitrary external sites for phishing and credential theft. The vulnerability affects the return_to parameter h...

CVSS 7.1 · AI score 5.9 · EPSS 0.00338
Exploits: 1 · References: 2
CVE
added 2025/09/15 10:22 a.m. · 26 views

CVE-2025-9084

CVE-2025-9084 affects Mattermost Server 10.5.x ≤ 10.5.9, where the OAuth login redirect URLs are not properly validated, enabling open redirect to attacker‑controlled sites. Connected sources corroborate the issue in Mattermost Server and reference an affected range up to 10.5.9, with remediation...

CVSS 6.1 · AI score 6.4 · EPSS 0.00161
Exploits: 0 · References: 1 · Affected Software: 1
Snyk
added 2024/02/19 6:30 a.m. · 6 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper handling of email links in LoginPage.tsx which allows return URLs that do not start with a / character. An attacker can inject malicious scripts by crafting a specially designed email link...

CVSS 6.1 · AI score 5.3 · EPSS 0.00386
Exploits: 0 · References: 2
Github Security Blog
added 2023/08/29 11:34 p.m. · 37 views

Open Redirect Vulnerability in jupyter-server

Impact: Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. Patches: Upgrade to Jupyter Server 2.7.2. Workaround...

CVSS 6.1 · AI score 5.3 · EPSS 0.00586
Exploits: 0 · References: 8 · Affected Software: 1
PyPA
added 2023/08/28 9:15 p.m. · 6 views

PYSEC-2023-155

jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URL...

CVSS 6.1 · AI score 7 · EPSS 0.00586
Exploits: 0 · References: 2 · Affected Software: 1
UbuntuCve
added 2023/08/28 9:15 p.m. · 23 views

CVE-2023-39968

jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URL...

CVSS 6.1 · AI score 6.2 · EPSS 0.00586
Exploits: 0 · References: 3
OSV
added 2023/08/28 9:15 p.m. · 34 views

PYSEC-2023-155

jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URL...

CVSS 6.1 · AI score 7.2 · EPSS 0.00586
Exploits: 0 · References: 2
AlpineLinux
added 2023/08/28 8:16 p.m. · 21 views

CVE-2023-39968

jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URL...

CVSS 6.1 · AI score 6.2 · EPSS 0.00586
Exploits: 0
Vulnrichment
added 2023/08/28 8:16 p.m. · 17 views

CVE-2023-39968 Open Redirect Vulnerability in jupyter-server

jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URL...

CVSS 4.3 · AI score 6.8 · EPSS 0.00586
Exploits: 0 · References: 4
Positive Technologies
added 2023/05/31 12:0 a.m. · 2 views

PT-2023-20069 · WordPress · Feather Login Page

Name of the Vulnerable Software and Affected Versions: Feather Login Page plugin for WordPress versions 1.0.7 through 1.1.1 Description: The issue allows authenticated attackers with subscriber-level permissions and above to access login links, potentially leading to privilege escalation, due to ...

CVSS 8.8 · AI score 8.8 · EPSS 0.00714
Exploits: 1 · References: 4
CNNVD
added 2023/05/20 12:0 a.m. · 4 views

WordPress Plugin Groundhogg Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 8 · AI score 8.1 · EPSS 0.00399
Exploits: 0 · References: 5
Malwarebytes
added 2021/04/29 6:51 p.m. · 40 views

What is Smishing? The 101 guide

Smishing is a valuable tool in the scammer's armoury. You've likely run into it, even if you didn't know that is its name. It doesn't arrive by email or social media direct message, instead choosing a route directly aimed at what may be your most personal device: the mobile phone. So, what is Smishin...

AI score 7
Exploits: 0