1031 matches found
FineCMS <5.0.9 - Open Redirect
FineCMS 5.0.9 contains an open redirect vulnerability via the url parameter in a sync action. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2017-11586 info: name: FineCMS 5.0.9 - Open...
EUVD-2026-40323
KTM System e-BOK is vulnerable to Cross‑Site Request Forgery CSRF in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...
CVE-2026-43701
The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox...
PYSEC-2026-292 BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
Summary Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution RCE. Impact A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...
Astra Linux – Vulnerability in Firefox
A malicious website can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been exploited in a spoofing attack. This vulnerability affects Firefox versions earlier than 119...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data through a malicious website...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to version 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page...
Astra Linux – Vulnerability in Firefox and Thunderbird
A malicious website could have used a combination of the fullscreen mode and the requestPointerLock function to cause the user’s mouse to be repositioned unexpectedly. This could lead to confusion among users and, inadvertently, the granting of permissions that the user did not intend to grant...
Astra Linux – Vulnerability in Firefox
Uploading files that contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox 115...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1, and iPadOS 16. Visiting a malicious website may lead to user interface spoofing...
CVE-2026-42329
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...
CVE-2026-42329
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...
CVE-2026-42329 Iris has an Open Redirect issue
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...
CVE-2026-45278
Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2...
webkitgtk: A malicious website may be able to process restricted web content outside the sandbox
A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling...
PT-2026-45362
SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupe save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...
Astra Linux - уязвимость в firefox
A malicious website might have included an iframe with a malformed URI, resulting in a non-exploitable browser crash. This vulnerability affects Firefox versions earlier than 126...
webkitgtk: A malicious website may be able to process restricted web content outside the sandbox
A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling...
PT-2026-41963
Name of the Vulnerable Software and Affected Versions @nuxt/rspack-builder versions 3.15.4 through 3.21.5 @nuxt/rspack-builder versions 4.0.0-alpha.1 through 4.4.5 @nuxt/webpack-builder versions 3.15.4 through 3.21.5 @nuxt/webpack-builder versions 4.0.0-alpha.1 through 4.4.5 Description An...
CVE-2025-27851
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...