Lucene search
K

977457 matches found

Nuclei
Nuclei
added yesterday35 views

DataEase - Remote Code Execution

DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection...

9.8CVSS6.1AI score0.43192EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday62 views

Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0250...

6.1CVSS6.1AI score0.01254EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday229 views

D-Link DIR850 ET850-1.08TRb03 - Open Redirect

DLink DIR850 ET850-1.08TRb03 contains incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites. id: CVE-2021-46379 info: name: D-Link DIR850 ET850-1.08TRb03 - Open Redirect author: 0xAkoko severity: medium description: DLink DIR850...

6.1CVSS6.7AI score0.15701EPSS
Exploits4References5
Nuclei
Nuclei
added 2 days ago72 views

XWiki - Open Redirect

XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0. id: CVE-2023-32068 info: name: XWiki - Open Redirect author:...

6.1CVSS6.5AI score0.5507EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago86 views

Open Automation Software OAS Platform V16.00.0121 - Missing Authentication

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4CVSS7AI score0.37606EPSS
Exploits1References4
Nuclei
Nuclei
added 2 days ago64 views

Gitea <1.16.5 - Open Redirect

Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-1058 info: name: Gitea 1.16.5 - Open Redire...

7.2CVSS6.7AI score0.53177EPSS
Exploits1References3
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43083

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

6.1AI score0.00133EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago183 views

Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. id: CVE-2019-10098 info: name: Apache HTTP server v2.4.0 to v2.4.39 - Open...

6.1CVSS6.7AI score0.73981EPSS
Exploits1References6
CVE
CVE
added 3 days ago444 views

CVE-2026-55806

Summary of CVE-2026-55806 (Drupal core) : Affects Drupal core where the rebuild.php front controller does not correctly validate the Host header against trusted host patterns, enabling cache poisoning and open redirects. Affected versions include: 0.0.0–11.1., 11.0. –11.1.*, 10.0.0–10.5.12, 10.6....

6.1AI score0.00133EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-43028

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References1
CVE
CVE
added 3 days ago6 views

CVE-2026-55461

Snipe-IT (IT asset/license management) versions prior to 8.6.2 are vulnerable: the user edit flow stores url()-&gt;previous() from the attacker-controlled Referer header into Laravel’s intended URL session value and subsequently uses redirect()-&gt;intended(...) when redirect_option=back is submi...

6.1CVSS6.1AI score0.00232EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42977

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS6.1AI score0.00286EPSS
Exploits0References4
NVD
NVD
added 3 days ago6 views

CVE-2026-56354

n8n before 1.123.24, 2.10.4, and 2.12.0 across its 1.x and 2.x branches contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions...

5.1CVSS0.00186EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42924

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References2
CVE
CVE
added 3 days ago10 views

CVE-2026-8609

Grafana CVE-2026-8609 describes an unauthenticated denial-of-service via repeated requests to the OAuth login route. The issue allows an attacker to trigger unbounded memory growth, potentially exhausting memory and crashing the Grafana instance. The entry provides CVSS v3.1 data (AV:N/AC:L/PR:N/...

5.3CVSS6.1AI score0.00359EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42887

n8n before 1.123.24, 2.10.4, and 2.12.0 across its 1.x and 2.x branches contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions...

5.1CVSS6.1AI score0.00186EPSS
Exploits0References2
CVE
CVE
added 3 days ago6 views

CVE-2026-56354

CVE-2026-56354 affects n8n before 1.123.24, 2.10.4, and 2.12.0 (1.x and 2.x branches). The Form Node contains cross-site scripting and open redirect vulnerabilities caused by unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creat...

5.1CVSS6.1AI score0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-56354 n8n - Cross-Site Scripting and Open Redirect in Form Node

n8n before 1.123.24, 2.10.4, and 2.12.0 across its 1.x and 2.x branches contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions...

5.1CVSS0.00186EPSS
Exploits0References2
NVD
NVD
added 3 days ago10 views

CVE-2026-15299

The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weatherstyle' and 'movedirection' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render...

6.4CVSS0.00193EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-57307

Name of the Vulnerable Software and Affected Versions miniOrange OAuth Single Sign On - SSO OAuth Client versions prior to 38.5.9 Description An authentication bypass exists in the miniOrange OAuth SSO WordPress plugin. An unauthenticated remote attacker can exploit an alternate password-recovery...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References3
Rows per page
Query Builder