977111 matches found
CVE-2026-12960
CVE-2026-12960 affects the ASUS Router Android app. The issue is an Improper Export of Android Application Components, where a local third-party app on the same device can send a crafted Intent that causes the ASUS Router App to open a specified URL. CVSS metrics indicate local access, low comple...
EUVD-2026-41482
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...
EUVD-2026-41445
Url redirection to untrusted site 'open redirect' in M365 Copilot allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-41106
Url redirection to untrusted site 'open redirect' in M365 Copilot allows an unauthorized attacker to elevate privileges over a network...
EUVD-2026-37817
Steeltoe's static JWKS cache shared across schemes and never invalidated...
EEF-CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl
Summary Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tls\gen\connection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server...
EUVD-2026-41412
The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...
EUVD-2026-41404
A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...
Opsview Monitor Pro - Open Redirect
Opsview Monitor Pro before 5.1.0.162300841, before 5.0.2.27475, before 4.6.4.162391051, and 4.5.x without a certain 2016 security patch contains an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the login...
Orchard 'ReturnUrl' Parameter URI - Open Redirect
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter. id: CVE-2011-52...
Flarum < 1.8.5 - Open Redirect
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...
Gradio - Open Redirect
Gradio allows an open redirect bypass via URL encoding, enabling attackers to redirect users to malicious sites. This can lead to phishing attacks and loss of trust in the application. id: CVE-2024-8021 info: name: Gradio - Open Redirect author: DhiyaneshDK severity: medium description: | Gradio...
DedeCMS - Open Redirect via download.php
Dedecms 5.71sp1 and earlier contain a URL redirect caused by a logic error that does not properly validate GET request input, letting attackers redirect users to arbitrary URLs, exploit requires sending crafted GET requests. id: CVE-2024-57241 info: name: DedeCMS - Open Redirect via download.php...
GPT Academic v1.3.9 - Open Redirect
An open redirect vulnerability exists in GPT Academic v1.3.9, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-10812 info: name:...
WP Content Copy Protection & No Right Click - Open Redirect
The WP Content Copy Protection & No Right Click plugin before version 15.3 contains an open-redirect vulnerability via the referrer parameter in no-js.php, allowing redirection of users to external sites. id: CVE-2024-6690 info: name: WP Content Copy Protection & No Right Click - Open Redirect...
WordPress Themify Builder < 7.5.8 - Open Redirect
The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...
Twisted - Open Redirect & XSS
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter...
Keycloak - Open Redirect
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...
Prometheus - Open Redirect
Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and...
IceWarp Mail Server - Open Redirect
IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects. id: CVE-2021-36580 info: name: IceWarp Mail Server - Open Redirect author: DhiyaneshDk severity: medium description: | IceWarp Mail Server contains an open...