9 matches found
CVE-2026-40039
Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the returnto parameter. Attackers can craft malicious login URLs with unvalidated returnto values to conduct phishing attacks and steal user credentials...
CVE-2025-9084 Open redirect in OAuth login
Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs, which allows attackers to redirect users to malicious sites via crafted OAuth login URLs...
PT-2025-37469
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.0 through 10.5.9. Description: Mattermost versions 10.5.x fail to properly validate redirect URLs, allowing attackers to redirect users to malicious sites via crafted OAuth login URLs. Recommendations: At the moment, ther...
CVE-2022-22919
Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs...
Open Redirect
silverstripe/framework is vulnerable to Open Redirect. The vulnerability is due to improper handling of login URLs, allowing attackers to redirect successful logins to external sites...
WordPress plugin Essential Addons for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability in the WordPress...
K91414704: BIG-IP Advanced WAF and ASM Brute Force Protection feature may not properly support the Post-Redirect-Get application flow
Security Advisory Description: The Advanced WAF and BIG-IP ASM systems may not properly support the Post-Redirect-Get (PRG) application flow implemented on a back-end web server. This issue occurs when all of the following conditions are met: You enabled brute force protection in your security polic...
DRUPAL-CONTRIB-2021-011
Open Social is a Drupal distribution for online communities. The included social_magic_login module doesn't sufficiently validate magic login URLs for user accounts. The lack of validation makes it possible for an adversary to forge valid login URLs and log in to such an account. This vulnerabilit...
WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities
Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities Type: WordPress Plugin Date: 2019-03-04 Active installs: 100,000+ Version: 8.0 Software Link: https://wordpress.org/plugins/wp-cerber/ Exploit Author: ed0x21son Category: WebApps, WordPress Tested...