4 matches found
CVE-2026-5737
CVE-2026-5737 concerns the Independent Analytics plugin for WordPress, vulnerable through an unauthenticated SSRF in versions up to 2.14.9. A public tracking route at /wp-json/iawp/search accepts attacker-controlled referrer_url values when signatures match, compounded by a scheduled favicon fetc...
Linux Distros Unpatched Vulnerability : CVE-2024-33999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The referrer URL used by MFA required additional sanitizing, rather than being used directly. CVE-2024-33999 Note that Nessus relies on the presence of the...
PT-2021-13851 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: keycloak affected versions not specified Description: A flaw was found in the new account console of keycloak, allowing malicious code to be executed using the referrer URL. The highest threat from this issue is to data confidentiality and...
UBUNTU-CVE-2018-20483
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribut...