1177 matches found
CVE-2026-1369 Conditional CAPTCHA <= 4.0.0 - Open Redirect
The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
WordPress plugin Conditional CAPTCHA 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There are...
PT-2026-21418
The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
SVXportal 安全漏洞
SVXportal is a portal website developed by Peter as an individual developer. Versions of SVXportal 2.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation for the search query parameter in the admin/log.php file, which could lead to...
CVE-2026-1714
The CVE concerns the WordPress plugin ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules (All in One Solution). Affected versions: all up to and including 3.3.2. The vulnerability resides in the woolentor_suggest_price_action AJAX endpoint, where there is no validation on the ...
CVE-2026-1296 Frontend Post Submission Manager Lite <= 1.2.7 - Unauthenticated Open Redirect via 'requested_page' Parameter
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requestedpage' POST parameter in the verifyusernamepassword function. This makes it possible for unauthenticated...
WordPress plugin ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution 注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
IPFire 跨站脚本漏洞
IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. IPFire has a cross-site scripting vulnerability, which stems from insufficient validation of parameters such as HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newhost,...
CVE-2021-26381
Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption...
Improper Verification of Cryptographic Signature
Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.j...
Improper Verification of Cryptographic Signature
Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow ...
CVE-2021-26381
Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption...
CVE-2021-26381
Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption...
CVE-2021-26381
CVE-2021-26381 concerns improper system call parameter validation in the Trusted OS (TOS) that could let a malicious driver map/unmap a large number of pages, potentially causing kernel memory corruption. The connected sources describe this as a local, high-privilege issue with impact to memory c...
CVE-2021-26381
Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption...
CVE-2026-20123
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...
CVE-2026-20123
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...
CVE-2026-20123 Cisco Prime Infrastructure and Evolved Programmable Network Manager Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...
CVE-2025-67852
A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing...
GHSA-GRH9-37G7-53MJ WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow
Summary An Open Redirect vulnerability exists in the OAuth authentication flow that allows attackers to redirect users to external malicious websites after authentication. The vulnerability is caused by insufficient validation of the return parameter in the OAuth login initialization endpoint...