9 matches found

ATTACKERKB
added 2026/04/13 6:10 p.m. | 2 views

CVE-2026-40039

Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the returnto parameter. Attackers can craft malicious login URLs with unvalidated returnto values to conduct phishing attacks and steal user credentials...

7.1 CVSS | 5.9 AI score | 0.00338 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2025/09/15 10:22 a.m. | 4 views

CVE-2025-9084 Open redirect in OAuth login

Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs...

3.1 CVSS | 6.4 AI score | 0.00161 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/15 12:0 a.m. | 10 views

PT-2025-37469

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.0 through 10.5.9. Description: Mattermost versions 10.5.x fail to properly validate redirect URLs, allowing attackers to redirect users to malicious sites via crafted OAuth login URLs. Recommendations: At the moment, ther...

9.9 CVSS | 6.3 AI score | 0.10543 EPSS
Exploits: 21 | References: 49
RedhatCVE
added 2025/05/22 11:51 p.m. | 4 views

CVE-2022-22919

Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs...

6.1 CVSS | 7 AI score | 0.00621 EPSS
Exploits: 1 | References: 1
Veracode
added 2024/05/27 8:35 a.m. | 14 views

Open Redirect

silverstripe/framework is vulnerable to Open Redirect. The vulnerability is due to improper handling of login URLs, allowing attackers to redirect successful logins to external sites...

7 AI score
Exploits: 0
CNNVD
added 2024/02/05 12:0 a.m. | 4 views

WordPress plugin Essential Addons for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability in the WordPress...

6.5 CVSS | 6.1 AI score | 0.00402 EPSS
Exploits: 0 | References: 3
F5 Networks
added 2023/02/21 6:49 p.m. | 16 views

K91414704: BIG-IP Advanced WAF and ASM Brute Force Protection feature may not properly support the Post-Redirect-Get application flow

Security Advisory Description: The Advanced WAF and BIG-IP ASM systems may not properly support the Post-Redirect-Get (PRG) application flow implemented on a back-end web server. This issue occurs when all of the following conditions are met: You enabled brute force protection in your security polic...

6.6 AI score
Exploits: 0
OSV
added 2021/06/02 4:51 p.m. | 2 views

DRUPAL-CONTRIB-2021-011

Open Social is a Drupal distribution for online communities. The included social_magic_login module doesn't sufficiently validate magic login URLs for user accounts. The lack of validation makes it possible for an adversary to forge valid login URLs and log in to such an account. This vulnerabilit...

6.5 AI score
Exploits: 0 | References: 1
Exploit DB
added 2019/03/04 12:0 a.m. | 79 views

WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities

Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities Type: WordPress Plugin Date: 2019-03-04 Active installs: 100,000+ Version: 8.0 Software Link: https://wordpress.org/plugins/wp-cerber/ Exploit Author: ed0x21son Category: WebApps, WordPress Tested...

7.4 AI score
Exploits: 0