Lucene search
+L

3549 matches found

nuclei
nuclei
added 8 hours ago85 views

Travelpayouts <= 1.1.16 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0337...

6.1CVSS6.1AI score0.00891EPSS
Exploits2References2
nuclei
nuclei
added 8 hours ago153 views

Nova noVNC - Open Redirect

Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-3654 info: name: Nova noVNC - Open Redirect author: geeknik severity: medium...

6.1CVSS6.7AI score0.26792EPSS
Exploits1References5
nuclei
nuclei
added 8 hours ago87 views

b2evolution CMS <6.11.6 - Open Redirect

b2evolution CMS before 6.11.6 contains an open redirect vulnerability via the redirectto parameter in emailpassthrough.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-22840 info:...

6.1CVSS6.4AI score0.13817EPSS
Exploits3References5
nuclei
nuclei
added 8 hours ago55 views

vBulletin - Open Redirect

vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-6200 info: name:...

6.1CVSS6.4AI score0.03474EPSS
Exploits1References3
nuclei
nuclei
added 8 hours ago72 views

Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting

The Oracle WebCenter Sites component of Oracle Fusion Middleware is susceptible to multiple instances of cross-site scripting that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Sites. Impacted versions that are affected are 11.1.1.8.0, 12.2.1.2....

8.2CVSS7AI score0.3945EPSS
Exploits4References5
nuclei
nuclei
added 8 hours ago71 views

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. id: CVE-2019-2578 info: name: Oracle Fusion...

8.6CVSS7AI score0.72402EPSS
Exploits0References5
nuclei
nuclei
added 8 hours ago48 views

Prometheus - Open Redirect

Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and...

6.5CVSS6.5AI score0.1956EPSS
Exploits0References5
cve
cve
added yesterday5 views

CVE-2026-40957

CVE-2026-40957 describes a frameable content vulnerability in the Secure Access server login page prior to version 14.55. By controlling a malicious web site, an attacker could potentially steal credentials from an administrator visiting the login page. The connected sources confirm the existence...

7.5CVSS6AI score
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2 days ago6 views

PT-2026-58025

An open redirect in Ivanti Xtraction before version 2026.2.1 allows a remote unauthenticated attacker to redirect users to arbitrary external URLs...

4CVSS6.2AI score0.00512EPSS
Exploits0References4
snyk
snyk
added 5 days ago3 views

Open Redirect

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Open Redirect via the URL redirection process. An attacker can redirect users to malicious sites or poison cache by crafting...

5.9CVSS6.1AI score0.00206EPSS
Exploits0References2
cvelist
cvelist
added 6 days ago30 views

CVE-2026-47199 Frappe: check_safe_sql_query Permits SELECT INTO OUTFILE

Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, checksafesqlquery permitted SELECT INTO OUTFILE queries, which could potentially work on self-hosted sites if database permissions are not well aligned and MySQL FILE privileges are available. This issue is fixed in...

2.3CVSS0.00401EPSS
Exploits0References7
thn
thn
added 2026/07/09 4:1 a.m.13 views

Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes

Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to...

6.1AI score
Exploits0
euvd
euvd
added 2026/07/03 8:36 p.m.8 views

EUVD-2026-41600

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

8.8CVSS7.7AI score0.00397EPSS
Exploits1References1
nvd
nvd
added 2026/07/02 12:16 p.m.5 views

CVE-2025-66076

Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...

5.3CVSS0.00214EPSS
Exploits0References1
cve
cve
added 2026/07/02 11:14 a.m.11 views

CVE-2025-66076

The CVE concerns WordPress Woostify Sites Library plugin (versions ≤ 1.6.2) with an Unauthenticated Broken Access Control vulnerability. The connected documents confirm the affected product and issue type but do not provide a remediation version or explicit exploit details. No further technical s...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/02 11:14 a.m.38 views

CVE-2025-66076 WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...

5.3CVSS0.00214EPSS
Exploits0References1
euvd
euvd
added 2026/07/02 2:14 a.m.10 views

EUVD-2026-41241

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.12 views

PT-2026-54960

Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References3
patchstack
patchstack
added 2026/06/29 12:0 p.m.4 views

WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Woostify Sites Library versions = 1.6.2...

5.3CVSS5.8AI score0.00214EPSS
Exploits0Affected Software1
ptsecurity
ptsecurity
added 2026/06/29 12:0 a.m.11 views

PT-2026-53702

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A malicious website may be able to process restricted web content outside the sandbox. A sandbox is a...

7.1CVSS5.9AI score0.00182EPSS
Exploits0References8
Rows per page
Query Builder