CVE-2026-7701

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...

CVE-2026-7701 Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...

CVE-2026-7701

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...

CVE-2026-7701 Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...

CVE-2026-1398

The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a...

CVE-2026-1398

CVE-2026-1398 describes a CSRF vulnerability in the WordPress plugin Change WP URL. The issue arises from missing or incorrect nonce validation on the Change WP URL page, allowing unauthenticated attackers to change the WP Login URL via forged requests if a site administrator clicks a crafted lin...

EUVD-2025-38438

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portallogin of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. T...

CVE-2025-12916

CVE-2025-12916 affects Sangfor Operation and Maintenance Security Management System 3.0, specifically the Frontend component’s /fort/portal_login. The vulnerability arises from manipulating the loginUrl argument, enabling remote command injection. Public disclosures indicate exploitation is possi...

PT-2025-39664

Name of the Vulnerable Software and Affected Versions Rancher Manager versions prior to 2.9.12 Rancher Manager versions prior to 2.10.10 Rancher Manager versions prior to 2.11.6 Rancher Manager versions prior to 2.12.2 Description Rancher Manager is susceptible to phishing attacks targeting SAML...

Innue Business Live Chat 2.5 Insecure Settings

==================================================================================================================================== | Title : innue business live chat v2.5 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 ...

GHSA-7726-43HG-M23V OpenAM FreeMarker template injection

OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...

Input validation

A vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 single sign-on SSO for remote access VPN in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to intercept the SAML...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SAML Assertion Hijack Vulnerability

A vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 single sign-on SSO for remote access VPN in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to intercept the SAML...

CVE-2022-1594

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL...

Cross site request forgery (csrf)

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL...

CVE-2021-43812

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as...

CVE-2021-43812

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as...

cbsurge.com XSS vulnerability

Open Bug Bounty ID: OBB-655683 Description| Value ---|--- Affected Website:| cbsurge.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

caritas-ms.de XSS vulnerability

Open Bug Bounty ID: OBB-652791 Description| Value ---|--- Affected Website:| caritas-ms.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2018-11553

SGIN.CN xiangyun platform V9.4.10 has XSS via the loginurl parameter to /login.php...