Lucene search
K

1778 matches found

Nuclei
Nuclei
added yesterday28 views

ZZcms - Cross-Site Scripting

ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. id: CVE-2020-20285 info: name: ZZcms -...

5.4CVSS6.3AI score0.01395EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday23 views

Microsoft SharePoint Server - Authentication Bypass (ToolShell)

Microsoft Office SharePoint Server contains an improper authentication vulnerability that allows unauthorized attackers to perform spoofing over a network. By crafting a POST request to /layouts/15/ToolPane.aspx with a forged Referer header /layouts/SignOut.aspx, attackers can bypass authenticati...

9.8CVSS7.3AI score0.99979EPSS
Exploits41References5
Nuclei
Nuclei
added yesterday11 views

JumpServer - Open Redirect via Referer Header

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. id:...

6.9CVSS6.1AI score0.00442EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday258 views

ZTE MF971R - Referer authentication bypass

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click. id: CVE-2021-21745 info: name: ZTE MF971R - Referer authentication bypass...

4.3CVSS6.7AI score0.55709EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday46 views

Webmin < 1.920 - Authenticated Remote Code Execution

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...

8.8CVSS7.1AI score0.38038EPSS
Exploits4References5
NVD
NVD
added 4 days ago6 views

CVE-2026-55461

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url-previous from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect-intended... when redirectoption=back is submitted, allowing Snipe-IT to be used a...

6.1CVSS0.00232EPSS
Exploits0References3
CVE
CVE
added 4 days ago6 views

CVE-2026-55461

Snipe-IT (IT asset/license management) versions prior to 8.6.2 are vulnerable: the user edit flow stores url()-&gt;previous() from the attacker-controlled Referer header into Laravel’s intended URL session value and subsequently uses redirect()-&gt;intended(...) when redirect_option=back is submi...

6.1CVSS6.1AI score0.00232EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 9:37 p.m.7 views

EUVD-2026-41213

Craft CMS: Potential authenticated Remote Code Execution via referrer redirect...

8.7CVSS6.1AI score0.00293EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/06 7:40 p.m.4 views

CVE-2026-9546

A flaw was found in libcurl. This vulnerability causes the HTTP Referer header to persist even after it has been explicitly cleared. This can lead to the previous referrer string being unintentionally reused and sent in subsequent requests, potentially disclosing sensitive information to unintend...

7.5CVSS5.7AI score0.00652EPSS
Exploits1References6
Snyk
Snyk
added 2026/07/03 8:18 a.m.17 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data due to the improper clearing of the CURLOPTREFERER option. An attacker can cause sensitive information to be disclosed by forcing the reuse and transmission of a previous referer header ...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References2
OSV
OSV
added 2026/07/03 7:16 a.m.3 views

ALPINE-CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.8 views

CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS0.00652EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:18 a.m.7 views

EUVD-2026-41494

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

6AI score0.00652EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:18 a.m.7 views

CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:18 a.m.21 views

CVE-2026-9546

CVE-2026-9546 is a libcurl vulnerability where the HTTP Referer header persists after CURLOPT_REFERER is cleared, due to an internal state not being cleared. Affected versions are prior to 8.21.0 (e.g., 8.18.0). This can cause leakage of the previous referrer to subsequent requests. The practical...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/07/03 6:18 a.m.41 views

CVE-2026-9546 sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

0.00652EPSS
Exploits1References3
NVD
NVD
added 2026/07/03 6:16 a.m.8 views

CVE-2026-14352

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00473EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/03 4:30 a.m.8 views

CVE-2026-14352

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00473EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/03 4:30 a.m.35 views

CVE-2026-14352 AR for WooCommerce <= 8.40 - Unauthenticated Path Traversal to Arbitrary File Read via 'file' Parameter

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00473EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/03 4:30 a.m.7 views

EUVD-2026-41485

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00473EPSS
Exploits0References7
Rows per page
Query Builder