Lucene search
K

1031 matches found

Nuclei
Nuclei
added yesterday45 views

FineCMS <5.0.9 - Open Redirect

FineCMS 5.0.9 contains an open redirect vulnerability via the url parameter in a sync action. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2017-11586 info: name: FineCMS 5.0.9 - Open...

6.1CVSS6.3AI score0.02286EPSS
Exploits1References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-40323

KTM System e-BOK is vulnerable to Cross‑Site Request Forgery CSRF in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

5.1CVSS5.8AI score0.00157EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 days ago4 views

CVE-2026-43701

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox...

5.7AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

PYSEC-2026-292 BBOT's various issues in unarchive.py can cause arbitrary file write and RCE

Summary Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution RCE. Impact A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...

9.6CVSS6.1AI score0.00668EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox

A malicious website can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been exploited in a spoofing attack. This vulnerability affects Firefox versions earlier than 119...

4.3CVSS6.1AI score0.00586EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data through a malicious website...

6.5CVSS6.9AI score0.00739EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Chromium

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to version 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page...

6.5CVSS7.3AI score0.04493EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

A malicious website could have used a combination of the fullscreen mode and the requestPointerLock function to cause the user’s mouse to be repositioned unexpectedly. This could lead to confusion among users and, inadvertently, the granting of permissions that the user did not intend to grant...

6.1CVSS6.5AI score0.00575EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Firefox

Uploading files that contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox 115...

6.5CVSS6.9AI score0.00596EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in WebKit2GTK

This issue has been resolved through improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1, and iPadOS 16. Visiting a malicious website may lead to user interface spoofing...

6.1CVSS6.6AI score0.01192EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 9:16 p.m.9 views

CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS0.00174EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:47 p.m.8 views

CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS5.8AI score0.00174EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/04 8:47 p.m.31 views

CVE-2026-42329 Iris has an Open Redirect issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:51 p.m.8 views

CVE-2026-45278

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2...

3.3CVSS5.7AI score0.00232EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/01 2:1 a.m.19 views

webkitgtk: A malicious website may be able to process restricted web content outside the sandbox

A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling...

8.8CVSS5.7AI score0.00636EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.10 views

PT-2026-45362

SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupe save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...

5.1CVSS5.8AI score0.00182EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux - уязвимость в firefox

A malicious website might have included an iframe with a malformed URI, resulting in a non-exploitable browser crash. This vulnerability affects Firefox versions earlier than 126...

6.5CVSS5.8AI score0.00389EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/20 5:30 a.m.20 views

webkitgtk: A malicious website may be able to process restricted web content outside the sandbox

A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling...

8.8CVSS5.7AI score0.00636EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-41963

Name of the Vulnerable Software and Affected Versions @nuxt/rspack-builder versions 3.15.4 through 3.21.5 @nuxt/rspack-builder versions 4.0.0-alpha.1 through 4.4.5 @nuxt/webpack-builder versions 3.15.4 through 3.21.5 @nuxt/webpack-builder versions 4.0.0-alpha.1 through 4.4.5 Description An...

5.9CVSS5.3AI score0.00208EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.9 views

CVE-2025-27851

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...

9.3CVSS5.6AI score0.00145EPSS
Exploits0References1
Rows per page
Query Builder