Lucene search
K

807 matches found

Nuclei
Nuclei
added 9 hours ago10 views

JumpServer - Open Redirect via Referer Header

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. id:...

6.9CVSS5.8AI score0.00442EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago26 views

ZZcms - Cross-Site Scripting

ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. id: CVE-2020-20285 info: name: ZZcms -...

5.4CVSS6.1AI score0.01552EPSS
Exploits1References3
NVD
NVD
added 18 hours ago6 views

CVE-2026-55794

Craft CMS is a content management system CMS. In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries...

8.7CVSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-55794

Craft CMS

8.7CVSS5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 6 days ago8 views

libcurl 8.18.0 < 8.21.0 Persistent Referer Header Information Disclosure

The version of libcurl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by an information disclosure vulnerability: - A vulnerability in libcurl caused the HTTP Referer header to persist even when explicitly cleared, potentially leaking sensitive information to...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52624

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description An open redirect issue exists due to the use of a substring check instead of a host check within the str contains$referer, CACTI PATH URL logic. When the login opts variable is set to '1', the auth...

6.1CVSS5.6AI score0.00151EPSS
Exploits1References4
OSV
OSV
added 2026/06/24 2:0 p.m.2 views

UBUNTU-CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/24 8:0 a.m.11 views

CURL-CVE-2026-9546 sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...

5.9AI score
Exploits0
Nuclei
Nuclei
added 2026/06/22 5:20 a.m.21 views

Microsoft SharePoint Server - Authentication Bypass (ToolShell)

Microsoft Office SharePoint Server contains an improper authentication vulnerability that allows unauthorized attackers to perform spoofing over a network. By crafting a POST request to /layouts/15/ToolPane.aspx with a forged Referer header /layouts/SignOut.aspx, attackers can bypass authenticati...

9.8CVSS7.7AI score0.99982EPSS
Exploits41References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in curl

curl 7.1.1 up to and including 7.75.0 is vulnerable to a “Exposure of Private Personal Information to an Unauthorized Actor” by leaking credentials in the HTTP Referer: header. libcurl does not remove user credentials from the URL when automatically filling in the Referer: HTTP request header fie...

5.3CVSS6.6AI score0.05301EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/10 10:13 p.m.13 views

nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs)

internal/web/operators.go:251 — after handleOperatorCreateAPIKey mints a fresh 32-byte bearer token, the redirect points the operator's browser at: /ui/operators/?newkey=&keyname= The raw API key ends up: - in the browser's URL history - in the Referer header on every cross-origin asset the detai...

5.5AI score0.00012EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48602

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.2 Description After the handleOperatorCreateAPIKey function in internal/web/operators.go:251 generates a 32-byte bearer token, the application redirects the browser to the endpoint /ui/operators/?new key=&key...

5.5CVSS5.9AI score0.00012EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2026/06/10 12:0 a.m.7 views

Erlang/OTP -- httpc leaks authentication headers on cross-host redirect

https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh reports: The HTTP client httpc in inets now removes Authorization, Proxy-Authorization, Cookie, Referer, and Origin headers when following a redirect to a different host or port, following the requirements of RFC 9110 section...

7.1CVSS5.5AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.10 views

CVE-2026-48589

A flaw was found in Apache Shiro's Jakarta EE module. Insufficient validation of the HTTP Referer header, a client-controlled value, could allow an attacker to influence the redirect target after a user login. This vulnerability can be exploited to redirect users to malicious sites, potentially...

5.4CVSS5.8AI score0.00352EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.8 views

CVE-2026-40295

Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET...

6.1CVSS5.5AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-40598

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode...

6.9CVSS4.8AI score0.00447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.10 views

CVE-2026-35572

ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts SSRF by supplying a crafted URL in the Referer request header. The server subsequently makes an outbound request to the attacker-controlled domain,...

7CVSS5.6AI score0.00296EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/06/04 7:32 p.m.21 views

Shopware SSO referer trust leading to an arbitrary redirect target

Description This report describes an open redirect in Shopware's public SSO entry point at GET /api/oauth/sso/auth. When the endpoint is reached without the expected SSO session state, the application falls back to the request's Referer header and uses that value as the redirect destination. In t...

6AI score0.00029EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/06/04 7:32 p.m.8 views

GHSA-4X3X-869W-XX3M Shopware SSO referer trust leading to an arbitrary redirect target

Description This report describes an open redirect in Shopware's public SSO entry point at GET /api/oauth/sso/auth. When the endpoint is reached without the expected SSO session state, the application falls back to the request's Referer header and uses that value as the redirect destination. In t...

4.3CVSS6AI score0.00029EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46888

Description This report describes an open redirect in Shopware's public SSO entry point at GET /api/oauth/sso/auth. When the endpoint is reached without the expected SSO session state, the application falls back to the request's Referer header and uses that value as the redirect destination. In t...

4.3CVSS6AI score0.00029EPSS
Exploits0References4
Rows per page
Query Builder