3038 matches found
CVE-2026-33213
Redash is a package for data visualization and sharing. From 5.0.2 to 26.3.0, the getnextpath function in Redash's authentication module stripped the scheme and netloc from user-supplied next parameters but did not normalize multiple leading slashes, allowing a crafted login URL such as...
CVE-2026-33213
Redash vulnerability CVE-2026-33213 affects the data-visualization tool Redash (versions 5.0.2 through 26.3.0). The get_next_path() function in the authentication module strips the scheme and netloc from user-supplied next parameters but does not normalize multiple leading slashes, enabling an op...
EUVD-2026-44686
Redash is a package for data visualization and sharing. From 5.0.2 to 26.3.0, the getnextpath function in Redash's authentication module stripped the scheme and netloc from user-supplied next parameters but did not normalize multiple leading slashes, allowing a crafted login URL such as...
CVE-2026-33213 Redash: Open redirect vulnerability in post-login redirect handling
Redash is a package for data visualization and sharing. From 5.0.2 to 26.3.0, the getnextpath function in Redash's authentication module stripped the scheme and netloc from user-supplied next parameters but did not normalize multiple leading slashes, allowing a crafted login URL such as...
K000161837: Out-of-band Security Notification (July 15, 2026)
Security Advisory Description On July 15, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. Article CVE|...
ROOT-APP-NPM-CVE-2026-44581 CVE-2026-44581 in @rootio/next - Patched by Root
Root has patched CVE-2026-44581 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-Q4GF-8MX6-V5V3 GHSA-q4gf-8mx6-v5v3 in @rootio/next - Patched by Root
Root has patched GHSA-q4gf-8mx6-v5v3 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44574 CVE-2026-44574 in @rootio/next - Patched by Root
Root has patched CVE-2026-44574 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-29057 CVE-2026-29057 in @rootio/next - Patched by Root
Root has patched CVE-2026-29057 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44573 CVE-2026-44573 in @rootio/next - Patched by Root
Root has patched CVE-2026-44573 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44576 CVE-2026-44576 in @rootio/next - Patched by Root
Root has patched CVE-2026-44576 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-8H8Q-6873-Q5FJ GHSA-8h8q-6873-q5fj in @rootio/next - Patched by Root
Root has patched GHSA-8h8q-6873-q5fj in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-27980 CVE-2026-27980 in @rootio/next - Patched by Root
Root has patched CVE-2026-27980 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44577 CVE-2026-44577 in @rootio/next - Patched by Root
Root has patched CVE-2026-44577 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44580 CVE-2026-44580 in @rootio/next - Patched by Root
Root has patched CVE-2026-44580 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44578 CVE-2026-44578 in @rootio/next - Patched by Root
Root has patched CVE-2026-44578 in the @rootio/next package for Root:npm. Multiple fixed versions available...
AxxonSoft Axxon Next - Local File Inclusion
AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. id: CVE-2018-7467 info: name: AxxonSoft Axxon Next - Local File Inclusion author: 0xAkoko severity: high description: AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. impact: | An attacker can read...
Quiz and Survey Master <= 8.1.4 - SQL Injection
ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...
SickChill - Open Redirect
SickChill's login endpoint's 'next' parameter accepts arbitrary content, allowing authenticated attackers to perform open redirects, but this was fixed in commit c7128a8946c3701df95c285810eb75b2de18bf82 by redirecting to a default page. id: CVE-2024-53995 info: name: SickChill - Open Redirect...
CVE-2026-15643
CVE-2026-15643 concerns AWS HealthLake MCP Server (awslabs.healthlake-mcp-server) prior to 0.0.14. A server-side request forgery in the pagination handling component can be exploited by a remote authenticated user to exfiltrate AWS temporary security credentials to an attacker-controlled endpoint...