
440 matches found

Nuclei
added 8 hours ago | 40 views

Nova noVNC - Open Redirect

Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-3654 info: name: Nova noVNC - Open Redirect author: geeknik severity: medium...

6.1 CVSS | 7 AI score | 0.87177 EPSS
Exploits: 1 | References: 5

Nuclei
added 8 hours ago | 62 views

Travelpayouts <= 1.1.16 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0337...

6.1 CVSS | 5.2 AI score | 0.01196 EPSS
Exploits: 2 | References: 2

Nuclei
added 8 hours ago | 29 views

vBulletin - Open Redirect

vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-6200 info: name:...

6.1 CVSS | 6.3 AI score | 0.09674 EPSS
Exploits: 1 | References: 3

Nuclei
added yesterday | 34 views

b2evolution CMS <6.11.6 - Open Redirect

b2evolution CMS before 6.11.6 contains an open redirect vulnerability via the redirectto parameter in emailpassthrough.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-22840 info:...

6.1 CVSS | 6.3 AI score | 0.44827 EPSS
Exploits: 3 | References: 5

Nuclei
added yesterday | 39 views

Prometheus - Open Redirect

Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and...

6.5 CVSS | 6.3 AI score | 0.87475 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2026/06/05 7:49 p.m. | 4 views

CVE-2026-30346

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

4.3 CVSS | 5.5 AI score | 0.0001 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/04 12:0 a.m. | 10 views

PT-2026-46384

Name of the Vulnerable Software and Affected Versions Iris versions prior to 2.4.28 Description Iris is a web collaborative platform designed for incident responders to share technical details during investigations. The software contains an open redirect flaw that allows an attacker to redirect...

4.7 CVSS | 5.5 AI score | 0.00055 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2026/06/01 2:1 a.m. | 15 views

webkitgtk: A website may be able to track users through Safari web extensions

A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management...

5.3 CVSS | 5.7 AI score | 0.00069 EPSS
Exploits: 0 | References: 5

Malwarebytes
added 2026/05/22 12:10 p.m. | 12 views

Update Chrome now: Critical bugs could let attackers run code

Google has issued updates for the Chrome browser patching a number of high‑severity vulnerabilities. The update includes fixes for two critical vulnerabilities that can be used for remote code execution just by visiting a malicious website. The stable channel has been updated to 148.0.7778.178/17...

8.8 CVSS | 6.6 AI score | 0.00061 EPSS
Exploits: 0

RedHat Linux
added 2026/05/20 5:30 a.m. | 12 views

webkitgtk: A website may be able to track users through Safari web extensions

A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management...

5.3 CVSS | 7.2 AI score | 0.00069 EPSS
Exploits: 0 | References: 5

CNNVD
added 2026/05/12 12:0 a.m. | 4 views

webpack-dev-server security vulnerability

webpack-dev-server is an open-source application developed by webpack. Versions of webpack-dev-server prior to version 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from exposure to cross-origin code. When it provided services through non-potentially trusted sources, suc...

6.5 CVSS | 5.8 AI score | 0.00035 EPSS
Exploits: 0 | References: 1

NVD
added 2026/05/11 9:18 p.m. | 8 views

CVE-2026-28920

An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Visiting a maliciously crafted website may leak...

6.5 CVSS | 0.00057 EPSS
Exploits: 0 | References: 8

CNNVD
added 2026/05/11 12:0 a.m. | 6 views

Security vulnerabilities in multiple Apple products

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...

6.5 CVSS | 5.8 AI score | 0.00057 EPSS
Exploits: 0 | References: 1

Github Security Blog
added 2026/05/08 11:25 p.m. | 12 views

Snipe-IT has an open redirect vulnerability

Open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. Impact - Phishing: Redirect users to fake login pages to steal credentials - Session Hijacking: Redirect to attacker site that captures...

7.1 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Ubuntu
added 2026/05/06 1:29 p.m. | 11 views

USN-8237-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

7.5 CVSS | 7.1 AI score | 0.01376 EPSS
Exploits: 2

NVD
added 2026/04/27 5:16 p.m. | 3 views

CVE-2026-30346

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

4.3 CVSS | 0.0001 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/27 12:0 a.m. | 6 views

CVE-2026-30346

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

5.2 AI score | 0.0001 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/27 12:0 a.m. | 3 views

CVE-2026-30346

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

4.3 CVSS | 5.2 AI score | 0.0001 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/20 10:18 a.m. | 2 views

CVE-2026-40299

A flaw was found in next-intl, a library for internationalization in Next.js applications. A remote attacker could exploit this vulnerability in applications using the next-intl middleware with localePrefix: 'as-needed'. By crafting specific URLs, the attacker could cause the middleware to redire...

6.9 CVSS | 5.9 AI score | 0.00059 EPSS
Exploits: 0 | References: 7

CNNVD
added 2026/04/07 12:0 a.m. | 4 views

Pegasystems Pega Robotic Automation security vulnerability

Pegasystems Pega Robotic Automation is a robotic process automation software developed by Pegasystems Inc. in the United States. There is a security vulnerability in Pegasystems Pega Robotic Automation. This vulnerability stems from a vulnerability in the native messaging host of the Pega Browser...

6 CVSS | 5.8 AI score | 0.00059 EPSS
Exploits: 0 | References: 1