19 matches found
CVE-2026-23818
A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an...
EUVD-2026-19600
A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an...
CVE-2026-23818
A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an...
PT-2026-30813
Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking Private 5G Core On-Prem (affected versions not specified) Description: A flaw in the graphical user interface (GUI) login flow allows an attacker to use a crafted URL to perform an open redirect. This can be used in...
PT-2024-20589 · Graylog · Graylog
Name of the Vulnerable Software and Affected Versions: Graylog versions 4.3.0 through 5.1.10; Graylog versions 4.3.0 through 5.2.3 Description: The issue allows reauthenticating with an existing session cookie to re-use that session id, even if for different user credentials. This could be used to...
TP-Link T2600G-28SQ uses vulnerable SSH host keys
Overview: TP-Link layer-2 switch T2600G-28SQ uses vulnerable SSH host keys (CWE-1391). Kuniyuki Hasegawa of VeriServe Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: The credential information for a...
Office 365 Admins Targeted in Ongoing Phishing Scam
A phishing campaign that uses legitimate organizations’ Office 365 infrastructure to send emails has emerged onto the cyberscam scene. According to Michael Tyler at PhishLabs, cybercriminals are looking to compromise Microsoft Office 365 administrator accounts to send out phishing lures – thus...
DuckDuckGo: XSS in Subdomain of DuckDuckGo
A cross-site scripting vulnerability was discovered in a subdomain of DuckDuckGo. The subdomain had a Content Security Policy header intended to prevent script execution, but this could be bypassed in Internet Explorer. As a result, malicious scripts could be injected and executed in the...
Email Phishers Using New Way to Bypass Microsoft Office 365 Protections
Phishing works no matter how hard a company tries to protect its customers or employees. Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using in the wild to bypass the Advanced Threat Protection (ATP) mechanism implemented by widely used...
‘One-Stop Shop’ – Phishing Domain Targets Information from Customers of Several Indian Banks
FireEye Labs recently discovered a malicious phishing domain designed to steal a variety of information – including credentials and mobile numbers – from customers of several banks in India. Currently, we have not observed this domain being used in any campaigns. The phishing websites appear to b...
‘One-Stop Shop’ – Phishing Domain Targets Information from Customers of Several Indian Banks
FireEye Labs recently discovered a malicious phishing domain designed to steal a variety of information – including credentials and mobile numbers – from customers of several banks in India. Currently, we have not observed this domain being used in any campaigns. The phishing websites appear to b...
Lunascape Address Bar Spoofing Vulnerability
Lunascape Browser is prone to Address Bar Spoofing vulnerability.
Avant Browser Address Bar Spoofing Vulnerability
This host is installed with Avant Browser and is prone to Address Bar Spoofing vulnerability.
Avant Browser Address Bar Spoofing Vulnerability
Avant Browser is prone to Address Bar Spoofing vulnerability.
CVE-2009-3004
Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the sit...
CVE-2009-3006
Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site...
Design/Logic Flaw
Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site...
CVE-2009-3006
The CVE-2009-3006 entry concerns Maxthon Browser 2.5.3.80 UNICODE. The vulnerability allows a remote attacker to spoof the address bar by using window.open with a relative URI, causing the browser to display an arbitrary URL on the site visited by the victim and potentially trigger a spoofed logi...
CVE-2009-3003
Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the...