Lucene search
K

17390 matches found

CVE
CVE
added 6 hours ago9 views

CVE-2026-57963

The CVE describes a vulnerability in Thunderbird’s chat UI where an attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. Affected product: Thunderbird (chat UI component). Root cause: HTML/CSS cont...

5.9AI score
Exploits0References3
EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-40862

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

5.9AI score
Exploits0References3
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-40419

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS5.8AI score
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-58450

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added yesterday10 views

CVE-2026-6954 Multiple vulnerabilities in Intermark IT's WebControl CMS

Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...

5.1CVSS0.00366EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-6954

Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...

5.1CVSS5.9AI score0.00366EPSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-40271

Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...

5.1CVSS5.9AI score0.00366EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday14 views

Mailcow < 2026-03b - Href Link Injection

mailcow 2026-03b reflects raw REQUESTURI into JavaScript and href links on the login page, allowing attackers to inject parameters that break JS logic and enable phishing. id: CVE-2026-40878 info: name: Mailcow 2026-03b - Href Link Injection author: ritikchaddha severity: low description: | mailc...

2.1CVSS5.8AI score0.00805EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday23 views

Babel - Open Redirect

Babel contains an open redirect vulnerability via redirect.php in the newurl parameter. An attacker can use any legitimate site using Babel to redirect user to a malicious site, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations. id:...

6.1CVSS6.2AI score0.04059EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday34 views

Eventum <3.4.0 - Open Redirect

Eventum before 3.4.0 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16761 info: name: Eventum 3.4.0 - Open Redirect author: 0xAkoko severity:...

6.1CVSS6.3AI score0.02201EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday29 views

WebsitePanel before v1.2.2.1 - Open Redirect

Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx id: CVE-2012-4032 info: name: WebsitePanel before v1.2.2.1 - Open Redirect author:...

5.8CVSS6AI score0.07304EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday41 views

Nova noVNC - Open Redirect

Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-3654 info: name: Nova noVNC - Open Redirect author: geeknik severity: medium...

6.1CVSS6.7AI score0.26792EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday72 views

TikiWiki CMS Groupware v8.3 - Open Redirect

tiki-featuredlink.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection id: CVE-2012-5321 info: name: TikiWiki CMS Groupware v8.3 - Open Redirect author: ctflearner severity:...

5.8CVSS5.8AI score0.07679EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday43 views

DotCMS < 5.0.2 - Open Redirect

dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify...

6.1CVSS6.3AI score0.03717EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday67 views

GLPI <9.4.6 - Open Redirect

GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. id: CVE-2020-11034 info: name: GLPI 9.4.6 - Open Redirect author: pikpikcu severity: medium description: GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. impact: | An attacker can exploit this...

6.1CVSS6.4AI score0.07608EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday31 views

Stable Diffusion Webui 1.10.0 - Open Redirect

An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...

6.1CVSS6.3AI score0.00816EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday42 views

Rudloff alltube prior to 3.0.1 - Open Redirect

An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1. id: CVE-2022-0692 info: name: Rudloff alltube prior to 3.0.1 - Open Redirect...

6.1CVSS6AI score0.03378EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday20 views

LabKey Server Community Edition <18.3.0 - Open Redirect

LabKey Server Community Edition before 18.3.0-61806.763 contains an open redirect vulnerability via the /r1/ returnURL parameter, which allows an attacker to redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...

6.1CVSS6.2AI score0.04825EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday78 views

ServiceNow - Cross-site Scripting

A XSS vulnerability was identified in the ServiceNow UI page assessmentredirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

6.1CVSS6.3AI score0.01089EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday23 views

WordPress AcyMailing <7.5.0 - Open Redirect

WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user. id: CVE-2021-24288...

6.1CVSS6.4AI score0.01939EPSS
Exploits2References4
Rows per page
Query Builder