1299 matches found
Stable Diffusion Webui 1.10.0 - Open Redirect
An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence AI assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhi...
CVE-2026-48924
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
CVE-2026-48924
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
Fake Word Phishing Reveals Enterprise Blind Spot in Trusted Remote Access Tools
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings...
CVE-2026-43882 WWBN AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing
WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS, which builds an ICS calendar file via the ICS helper...
Microsoft Partner Center 安全漏洞
The Microsoft Partner Center is an online platform operated by Microsoft Corporation in the United States. There is a security vulnerability in the Microsoft Partner Center, which stems from cross-domain resource references controlled by external parties. This vulnerability could allow unauthoriz...
GHSA-QH7Q-6QM3-653W Jupyter Server has an open redirection vulnerability in `next` query parameter
Summary The ?next=... URL query parameter has an open redirection vulnerability. In jupyterserver=2.17.0, this URL query parameter allows redirection to arbitrary external domains, which can be exploited to facilitate phishing attacks on server users. Details The vulnerability is caused by...
CVE-2026-42525
Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
CVE-2026-42525
Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
Microsoft Windows Remote Desktop Services 安全漏洞
Microsoft Windows Remote Desktop Services is a set of features provided by Microsoft that allow users to access graphical desktops and Windows applications remotely. There are security vulnerabilities in Microsoft Windows Remote Desktop Services. Attackers can exploit these vulnerabilities to car...
OpenBao Authorization Issues Vulnerability
OpenBao is OpenBao open source a sensitive data management software . OpenBao there is an authorization problem vulnerability , the vulnerability stems from JWT/OIDC login and role callbackmode is set to direct when the user is not prompted to confirm , an attacker can use this vulnerability lead...
CVE-2026-3825
IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
Siemens APE1808 Improper Neutralization of Input During Web Page Generation (CVE-2025-0133)
A reflected cross-site scripting XSS vulnerability in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The...
EUVD-2026-9499
Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The...
Intimate products maker Tenga spilled customer data
Tenga confirmed reports published by several outlets that the company notified customers of a data breach. The Japanese manufacturer of adult products appears to have fallen victim to a phishing attack targeting one of its employees. Tenga reportedly wrote in the data breach notification: “An...
CVE-2025-27900
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...
CVE-2025-27900
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...
CVE-2025-27900
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...
CVE-2025-27900 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...