977457 matches found
DataEase - Remote Code Execution
DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection...
Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0250...
D-Link DIR850 ET850-1.08TRb03 - Open Redirect
DLink DIR850 ET850-1.08TRb03 contains incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites. id: CVE-2021-46379 info: name: D-Link DIR850 ET850-1.08TRb03 - Open Redirect author: 0xAkoko severity: medium description: DLink DIR850...
XWiki - Open Redirect
XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0. id: CVE-2023-32068 info: name: XWiki - Open Redirect author:...
Open Automation Software OAS Platform V16.00.0121 - Missing Authentication
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...
Gitea <1.16.5 - Open Redirect
Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-1058 info: name: Gitea 1.16.5 - Open Redire...
EUVD-2026-43083
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...
Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. id: CVE-2019-10098 info: name: Apache HTTP server v2.4.0 to v2.4.39 - Open...
CVE-2026-55806
Summary of CVE-2026-55806 (Drupal core) : Affects Drupal core where the rebuild.php front controller does not correctly validate the Host header against trusted host patterns, enabling cache poisoning and open redirects. Affected versions include: 0.0.0–11.1., 11.0. –11.1.*, 10.0.0–10.5.12, 10.6....
EUVD-2026-43028
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...
CVE-2026-55461
Snipe-IT (IT asset/license management) versions prior to 8.6.2 are vulnerable: the user edit flow stores url()->previous() from the attacker-controlled Referer header into Laravel’s intended URL session value and subsequently uses redirect()->intended(...) when redirect_option=back is submi...
EUVD-2026-42977
ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...
CVE-2026-56354
n8n before 1.123.24, 2.10.4, and 2.12.0 across its 1.x and 2.x branches contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions...
EUVD-2026-42924
MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...
CVE-2026-8609
Grafana CVE-2026-8609 describes an unauthenticated denial-of-service via repeated requests to the OAuth login route. The issue allows an attacker to trigger unbounded memory growth, potentially exhausting memory and crashing the Grafana instance. The entry provides CVSS v3.1 data (AV:N/AC:L/PR:N/...
EUVD-2026-42887
n8n before 1.123.24, 2.10.4, and 2.12.0 across its 1.x and 2.x branches contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions...
CVE-2026-56354
CVE-2026-56354 affects n8n before 1.123.24, 2.10.4, and 2.12.0 (1.x and 2.x branches). The Form Node contains cross-site scripting and open redirect vulnerabilities caused by unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creat...
CVE-2026-56354 n8n - Cross-Site Scripting and Open Redirect in Form Node
n8n before 1.123.24, 2.10.4, and 2.12.0 across its 1.x and 2.x branches contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions...
CVE-2026-15299
The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weatherstyle' and 'movedirection' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render...
PT-2026-57307
Name of the Vulnerable Software and Affected Versions miniOrange OAuth Single Sign On - SSO OAuth Client versions prior to 38.5.9 Description An authentication bypass exists in the miniOrange OAuth SSO WordPress plugin. An unauthenticated remote attacker can exploit an alternate password-recovery...