Lucene search
K

804 matches found

Nuclei
Nuclei
added 12 hours ago23 views

WP Content Copy Protection & No Right Click - Open Redirect

The WP Content Copy Protection & No Right Click plugin before version 15.3 contains an open-redirect vulnerability via the referrer parameter in no-js.php, allowing redirection of users to external sites. id: CVE-2024-6690 info: name: WP Content Copy Protection & No Right Click - Open Redirect...

6.1CVSS6.1AI score0.00473EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/07/06 7:40 p.m.4 views

CVE-2026-9546

A flaw was found in libcurl. This vulnerability causes the HTTP Referer header to persist even after it has been explicitly cleared. This can lead to the previous referrer string being unintentionally reused and sent in subsequent requests, potentially disclosing sensitive information to unintend...

7.5CVSS5.7AI score0.00652EPSS
Exploits1References6
EUVD
EUVD
added 2026/07/04 3:15 p.m.9 views

EUVD-2026-41678

A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core/MYController.php of the component Trusted Backend Interface. The manipulation of the argument hr...

5.3CVSS5.5AI score0.00273EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2026/07/03 6:18 a.m.7 views

CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:18 a.m.7 views

EUVD-2026-41494

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

6AI score0.00652EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/03 6:18 a.m.41 views

CVE-2026-9546 sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

0.00652EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/01 11:26 p.m.37 views

CVE-2026-55794 Craft CMS: Potential authenticated Remote Code Execution via referrer redirect

Craft CMS is a content management system CMS. In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries...

8.7CVSS0.00293EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40762

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00209EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-14075

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00209EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.8 views

CVE-2026-14075

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00209EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.25 views

CVE-2026-14075

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. Chromium security severity: Low...

0.00209EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.6 views

CVE-2026-14075

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00209EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:39 p.m.104 views

CVE-2026-14075

Technical details are not publicly available in the provided documents; the reports describe the vulnerability at a high level (no specifics on affected products/versions, exploitability, or fixes). Monitor for updates.

4.3CVSS5.8AI score0.00209EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54350

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient policy enforcement allows a remote attacker to bypass the no-referrer policy, which is a security mechanism that prevents the browser from sending the referrer heade...

9.8CVSS6AI score0.00413EPSS
Exploits0References445
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51755

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists where the HTTP Referer: header persists even after being explicitly cleared. Although passing NULL to CURLOPT REFERER is intended to suppress the header, the internal state is...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References35
Github Security Blog
Github Security Blog
added 2026/06/08 11:8 p.m.15 views

nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)

None of the response paths in internal/web/ or internal/api/ set the standard browser-security headers. grep for Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy returns zero matches across the codebase. Impact The admin UI signs CA...

5.5AI score0.00031EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/08 11:8 p.m.7 views

GHSA-W7W5-5GCP-38RW nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)

None of the response paths in internal/web/ or internal/api/ set the standard browser-security headers. grep for Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy returns zero matches across the codebase. Impact The admin UI signs CA...

7.1CVSS5.5AI score0.00031EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.15 views

PT-2026-47583

None of the response paths in internal/web/ or internal/api/ set the standard browser-security headers. grep for Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy returns zero matches across the codebase. Impact The admin UI signs CA...

7.1CVSS5.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47620

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.0 Description Response paths in internal/web/ and internal/api/ do not implement standard browser-security headers. The absence of X-Frame-Options: DENY or frame-ancestors 'none' in the Content-Security-Policy...

7.1CVSS5.9AI score0.00031EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:27 a.m.10 views

CVE-2026-5737

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References11
Rows per page
Query Builder