WordPress Toolbar <= 2.2.6 - Open Redirect

The plugin redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2023-6389 info: name: WordPress Toolbar = 2.2.6 - Open Redirect...

OPNsense <=20.1.5 - Open Redirect

OPNsense through 20.1.5 contains an open redirect vulnerability via the url redirect parameter in the login page, which is not filtered. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...

Umbraco <7.4.0- Server-Side Request Forgery

Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index. id: CVE-2015-8813 info: name: Umbraco 7.4.0- Server-Side Request...

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

Xsuite <=2.4.4.5 - Open Redirect

Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter. id: CVE-2015-4668 info: name: Xsuite =2.4.4.5 - Open Redirect author: 0xAkoko...

WordPress < 4.8.2 - Authenticated Open Redirect

WordPress versions before 4.8.2 contain an open redirect caused by improper validation in wp-admin/edit-tag-form.php and wp-admin/user-edit.php, letting attackers redirect users to malicious sites, exploit requires access to admin interface. id: CVE-2017-14725 info: name: WordPress 4.8.2 -...

Telaen => v1.3.1 - Open Redirect

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. id: CVE-2013-2621 info: name: Telaen = v1.3.1 - Open Redirect author: ctflearner severity: medium description: | Open Redirection...

Prometheus - Open Redirect

Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and...

EpiServer Find <13.2.7 - Open Redirect

EpiServer Find before 13.2.7 contains an open redirect vulnerability via the tredirect parameter in a crafted URL, such as a /findv2/click URL. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...

Apache Tomcat - Open Redirect

Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. id: CVE-2018-11784 info: name: Apache Tomcat - Open Redirect author: geeknik severity: medium description: | Apache Tomcat versions...

D-Link DIR850 ET850-1.08TRb03 - Open Redirect

DLink DIR850 ET850-1.08TRb03 contains incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites. id: CVE-2021-46379 info: name: D-Link DIR850 ET850-1.08TRb03 - Open Redirect author: 0xAkoko severity: medium description: DLink DIR850...

Open Redirect in Login Redirect - MobSF

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. id: CVE-2024-41955 info: name: Open Redirect in Login Redirect - MobSF author: Farish severity: medium...

FlatPress 1.2.1 - Stored Cross-Site Scripting

FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-41432 info: name: FlatPress 1.2.1 -...

Orchard 'ReturnUrl' Parameter URI - Open Redirect

Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter. id: CVE-2011-52...

Z-Blog <=1.5.2 - Open Redirect

Z-Blog 1.5.2 and earlier contains an open redirect vulnerability via the redirect parameter in zbsystem/cmd.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-18268 info: name: Z-Blo...

Exploit for Improper Initialization in Linux Linux_Kernel

CVE-2022-0847 Dirty Pipe Pre-compiled exploit for CVE-2022-08...

CVE-2024-27890

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...

CVE-2026-6239

A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request containing an excessive...

RHEL 10 : ovn25.03 (RHSA-2026:22110)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22110 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add...

RHEL 6 : python (RHSA-2026:22144)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22144 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...