10 matches found
CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass
Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website when the victim uses the attacker's link to log in via user OIDC. This issue has been patched in version 8.2.2...
CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass
Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website when the victim uses the attacker's link to log in via user OIDC. This issue has been patched in version 8.2.2...
CVE-2026-42350 Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
PT-2026-39215
Name of the Vulnerable Software and Affected Versions: Kargo versions prior to 1.7.10; Kargo versions prior to 1.8.13; Kargo versions prior to 1.9.8; Kargo versions prior to 1.10.2. Description: Kargo, which manages and automates the promotion of software artifacts, contains an open redirect in the UI...
EUVD-2025-4744
Malicious code in bioql PyPI...
CVE-2024-11753
The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umich_oidc_button' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
CVE-2024-11753
The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umich_oidc_button' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
CVE-2024-11753
CVE-2024-11753 affects the UMich OIDC Login plugin for WordPress. The vulnerability is a Stored XSS in the plugin’s umich_oidc_button shortcode attributes, present in all versions up to and including 1.2.0, caused by insufficient input sanitization and output escaping of user-supplied attributes....
CVE-2024-11753 UMich OIDC Login <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umich_oidc_button' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
CVE-2024-11753 UMich OIDC Login <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umich_oidc_button' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...