CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added yesterday•14 views

CVE-2026-55237 AutoGPT SignUp Page has DOM-Based XSS and Open Redirect

8.8CVSS

EUVD•added 2026/06/10 3:36 p.m.•7 views

EUVD-2026-36063

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://request.hostnexturl and the JS client redirects via...

CVE•added 2026/06/10 3:36 p.m.•10 views

CVE-2026-45566

Roxy-WI unauthenticated login flow flaw (affecting 8.2.6.4 and prior) allows an open redirect via the next parameter. The code rejects strings containing https:// or http:// but then builds https://{request.host}{next_url} and redirects with window.location.replace(), not accounting for userinfo@...

Vulnrichment•added 2026/06/10 3:36 p.m.•8 views

CVE-2026-45566 Roxy-WI: Open redirect on /login?next= via basic-auth userinfo syntax bypass

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48458

OSV•added 2026/06/05 5:40 a.m.•5 views

BIT-AIRFLOW-2026-40961 Apache Airflow: Open Redirect Bypass Vulnerability

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

7.2CVSS5.5AI score0.00625EPSS

Exploits0References4

CVE•added 2026/05/28 5:47 p.m.•16 views

CVE-2026-45307

Speakr prior to 0.8.20-alpha is vulnerable to an open redirect via the is_safe_url() helper. The validation used urljoin(request.host_url, target) before parsing, so a scheme-relative input like ////evil.com is resolved to a same-host URL during validation but is emitted verbatim in the Location ...

6.1CVSS5.8AI score0.00153EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•12 views

PT-2026-41962

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.4.3 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 Description When using the navigateTo function with the external: true option, the software generates a server-side HTML redirect body containing a tag. The destinati...

5.4CVSS5.1AI score0.00153EPSS

Exploits1References7

NVD•added 2026/05/12 6:17 p.m.•12 views

CVE-2026-41513

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...

4.8CVSS0.00265EPSS

Cvelist•added 2026/05/12 4:43 p.m.•30 views

CVE-2026-41513 Horilla: Open Redirect via Unvalidated `next` Parameter in Notification Endpoints

4.8CVSS0.00265EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40245

4.8CVSS5.9AI score0.00265EPSS

Exploits0References3

OSV•added 2026/05/06 7:50 p.m.•1 views

GHSA-VQV8-J3MJ-WJXJ wger: trainer_login open redirect - ?next= parameter not validated against host

Summary The trainerlogin view in wger redirects to request.GET'next' directly via HttpResponseRedirect without calling urlhasallowedhostandscheme. After the trainer successfully enters impersonation mode, their browser is redirected to any attacker-controlled URL supplied in the ?next= parameter,...

5.4CVSS6AI score

Github Security Blog•added 2026/05/06 7:50 p.m.•5 views

wger: trainer_login open redirect - ?next= parameter not validated against host

6AI score

Exploits0References2Affected Software1

Snyk•added 2026/05/06 7:50 p.m.•8 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the trainerlogin function. An attacker can redirect a user's browser to an external, attacker-controlled URL by supplying a crafted next parameter, potentially exposing sensitive information such as the original URL...

9.6CVSS5.8AI score