CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

66 matches found

Github Security Blog•added 3 days ago•8 views

Shopware SSO referer trust leading to an arbitrary redirect target

Description This report describes an open redirect in Shopware's public SSO entry point at GET /api/oauth/sso/auth. When the endpoint is reached without the expected SSO session state, the application falls back to the request's Referer header and uses that value as the redirect destination. In t...

6AI score

Exploits0References3Affected Software2

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в thunderbird

If a Thunderbird user responded to a crafted HTML email containing a meta tag, where the meta tag had the http-equiv="refresh" attribute, and the content attribute specified a URL, then Thunderbird would initiate a network request to that URL, regardless of any configuration settings that block...

8.1CVSS7.2AI score0.00502EPSS

Exploits0References2

Github Security Blog•added 2026/05/19 3:49 p.m.•16 views

Nuxt: Reflected XSS in `navigateTo()` external redirect

Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...

6.3CVSS5.4AI score0.00099EPSS

Exploits1References3Affected Software1

OSV•added 2026/05/19 3:49 p.m.•1 views

GHSA-FX6J-W5W5-H468 Nuxt: Reflected XSS in `navigateTo()` external redirect

5.3CVSS5.4AI score

Exploits0References3

RedhatCVE•added 2026/04/09 1:23 a.m.•4 views

CVE-2026-39376

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

7.5CVSS5.9AI score0.00077EPSS

Exploits1References1

EUVD•added 2026/04/08 12:12 a.m.•0 views

EUVD-2026-19915

FastFeedParser has an infinite redirect loop DoS via meta-refresh chain...

7.5CVSS5.9AI score0.00077EPSS

Exploits1References2

Snyk•added 2026/04/08 12:12 a.m.•1 views

Uncontrolled Recursion

Overview fastfeedparser is a High performance RSS, Atom, JSON and RDF feed parser in Python Affected versions of this package are vulnerable to Uncontrolled Recursion through the parse function when processing HTML responses containing a tag, which leads to unbounded recursion without a redirect...

8.7CVSS5.8AI score0.00077EPSS

Exploits1References2

OSV•added 2026/04/08 12:12 a.m.•3 views

GHSA-4GX2-PC4F-WQ37 FastFeedParser has an infinite redirect loop DoS via meta-refresh chain

Summary When parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An attacker-controlled server that returns an infinite chain of HTML meta-refresh response...

7.5CVSS5.8AI score0.00077EPSS

Exploits1References4

Github Security Blog•added 2026/04/08 12:12 a.m.•5 views

FastFeedParser has an infinite redirect loop DoS via meta-refresh chain

7.5CVSS5.9AI score0.00077EPSS

Exploits1References4Affected Software1

PyPA•added 2026/04/07 8:16 p.m.•6 views

PYSEC-2026-60

7.5CVSS5.8AI score0.00077EPSS

Exploits1References1Affected Software1

OSV•added 2026/04/07 8:16 p.m.•2 views

PYSEC-2026-60

7.5CVSS5.8AI score0.00077EPSS

Exploits1References1

NVD•added 2026/04/07 8:16 p.m.•2 views

CVE-2026-39376

7.5CVSS0.00077EPSS

Exploits1References1

ATTACKERKB•added 2026/04/07 7:46 p.m.•2 views

CVE-2026-39376

7.5CVSS5.9AI score0.00077EPSS

Exploits1References2Affected Software1

CVE•added 2026/04/07 7:46 p.m.•6 views

CVE-2026-39376

FastFeedParser is affected by CVE-2026-39376 prior to version 0.5.10. When parse() fetches a URL returning an HTML page with a tag, it may recursively call itself on the redirect URL without a depth limit, visited-URL deduplication, or redirect count cap. An attacker-controlled server that emits...

7.5CVSS5.9AI score0.00077EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/04/07 7:46 p.m.•16 views

CVE-2026-39376 FastFeedParser has an infinite redirect loop DoS via meta-refresh chain

7.5CVSS0.00077EPSS

Exploits1References1

Vulnrichment•added 2026/04/07 7:46 p.m.•1 views

CVE-2026-39376 FastFeedParser has an infinite redirect loop DoS via meta-refresh chain

7.5CVSS5.9AI score0.00077EPSS

Exploits1References1

Positive Technologies•added 2026/04/07 12:0 a.m.•2 views

PT-2026-31006

7.5CVSS5.9AI score0.00077EPSS

Exploits1References3

CNNVD•added 2026/04/07 12:0 a.m.•2 views

FastFeedParser 安全漏洞

FastFeedParser is a high-performance Python library for parsing RSS and Atom feeds, open-sourced by Kagi Search. Versions of FastFeedParser prior to 0.5.10 contained a security vulnerability. This vulnerability stemmed from the lack of a recursive depth limit when parsing HTML meta refresh tags,...

7.5CVSS5.8AI score0.00077EPSS

Exploits1References1

SUSE CVE•added 2026/03/07 12:25 a.m.•3 views

SUSE CVE-2026-27142

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

5.4CVSS5.7AI score0.00013EPSS

Exploits0References13

OSV•added 2026/03/06 10:16 p.m.•4 views

AZL-79640 CVE-2026-27142 affecting package python-tensorboard 2.16.2-6

6.1CVSS7.2AI score0.00013EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by