CVE-2026-20256

Splunk Enterprise (versions < 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (versions

PT-2026-48496

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic...

CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2...

CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2...

CVE-2026-44427 MCP Registry: Open Redirect

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...

EUVD-2026-21148

SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering...

CVE-2026-40107

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...

EUVD-2026-13897

The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...

CVE-2026-33397

The CVE concerns Angular SSR bottleneck/open-redirect in @angular/ssr. Affected series: 22.x before 22.0.0-next.2, 21.x before 21.2.3, and 20.x before 20.3.21, with a patch included in 22.0.0-next.2, 21.2.3, and 20.3.21. Root cause: incomplete fix for CVE-2026-27738 where a single backslash in X-...

VulnCheck KEV: CVE-2025-55303

Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand rendered sites built with Astro include a...

AZL-77631 CVE-2026-25765 affecting package rubygem-faraday 2.7.10-1

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

Impact Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986, protocol-relative URLs e.g. //evil.com/path are treated as network-path references that override the base URL's host/authority...

CVE-2026-25765 Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client

The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery XSRF token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol...

EUVD-2023-0062

Malicious code in bioql PyPI...

EUVD-2023-41885

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-38059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the I...

Google Sign-In for Rails allowed redirect to protocol-relative URI

Summary It is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...

CVE-2025-55303

Astro before 5.13.2 and 4.16.18 has an information disclosure vulnerability in the on-demand rendering image optimization endpoint (_image) that can bypass third-party domain restrictions using protocol-relative URLs (e.g., /_image?href=//example.com/image.png). This allows serving images from un...

Mozilla: Bypass "No Links" Restriction in Biography via Protocol-Relative URL (//)

The report identifies a bypass vulnerability in the biography field on addons.allizom.org. Despite the application's policy against allowing links, it was possible to embed functional hyperlinks using protocol-relative URLs //evil.com. This violation of the declared application policy was achieve...