
100 matches found

RedhatCVE
added 2026/03/09 8:2 a.m. | 1 view

CVE-2026-30839

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...

CVSS 5.3 | AI score 5.7 | EPSS 0.00013
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/02 4:18 a.m. | 1 view

CVE-2026-28415

A flaw was found in Gradio, an open-source Python package. The redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter. A remote attacker can exploit this vulnerability by crafting a malicious URL, leading to an open redirect. This allows the attacker to...

CVSS 4.7 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 4
OSV
added 2026/03/01 1:29 a.m. | 2 views

GHSA-PFJF-5GXR-995X Gradio has an Open Redirect in its OAuth Flow

Summary: The redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled, i.e. apps running on Hugging Face Spaces with...

CVSS 4.3 | AI score 6 | EPSS 0.00013
Exploits: 0 | References: 5
Snyk
added 2026/02/28 12:14 a.m. | 2 views

Open Redirect

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Open Redirect via the redirecttotarget function in the OAuth flow, which accepts an unvalidated targeturl query parameter. An attacker can redirect...

CVSS 5.3 | AI score 6 | EPSS 0.00013
Exploits: 0 | References: 2
OSV
added 2026/02/27 10:16 p.m. | 2 views

PYSEC-2026-65

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...

CVSS 4.7 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/27 9:44 p.m. | 2 views

CVE-2026-28415 Gradio has Open Redirect in OAuth Flow

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...

CVSS 4.3 | AI score 6 | EPSS 0.00013
Exploits: 0 | References: 1
OSV
added 2026/02/27 9:44 p.m. | 1 view

CVE-2026-28415 Gradio has Open Redirect in OAuth Flow

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...

CVSS 4.3 | AI score 6 | EPSS 0.00013
Exploits: 0 | References: 3
CNNVD
added 2026/02/27 12:0 a.m. | 5 views

Gradio Input Validation Error Vulnerability

Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Prior to version 6.6.0, Gradio had a vulnerability related to input validation. This vulnerability stemmed from the redirecttotarget function in the...

CVSS 4.7 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 1
GithubExploit
added 2025/12/15 8:53 p.m. | 124 views

XSS-FINDER

usage python xssscanner.py ...

AI score 6.5
Exploits: 0
GithubExploit
added 2025/12/07 9:42 a.m. | 120 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 PoC Usage bash Interacti...

CVSS 10 | AI score 7.2 | EPSS 0.82011
Exploits: 358
GithubExploit
added 2025/11/18 5:44 p.m. | 108 views

Snitch-Scan

PoC exploit for XSS vulnerability scanner. The target product/se...

AI score 6.6
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2019-4603

Malware in sbrugna...

CVSS 6.1 | AI score 6.5 | EPSS 0.00553
Exploits: 0 | References: 12
EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2010-0345

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.07847
Exploits: 2 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2021-30465

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 8 | EPSS 0.00563
Exploits: 0 | References: 25
GithubExploit
added 2025/06/10 8:36 p.m. | 82 views

Exploit for CVE-2024-57378

CVE-2024-57378 How does this detection method work? Thi...

CVSS 7.3 | AI score 7 | EPSS 0.0012
Exploits: 1
CNNVD
added 2025/04/28 12:0 a.m. | 1 view

WebArena Injection Vulnerability

WebArena is an open-source code repository by web-arena-x for building real web environments with autonomous agents. An injection vulnerability exists in WebArena version 0.2.0 and earlier, which stems from code injection due to incorrect manipulation of the parameter targeturl in the file...

CVSS 8.8 | AI score 6.6 | EPSS 0.00302
Exploits: 1 | References: 5
GithubExploit
added 2025/04/21 11:57 p.m. | 284 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CrushFTP CVE-2025-31161 Exploit Tool 🔓 Advanced detection an...

CVSS 9.8 | AI score 7.6 | EPSS 0.88937
Exploits: 20
CNNVD
added 2025/04/20 12:0 a.m. | 2 views

KnowBe4 Security Awareness Training Security Vulnerability

KnowBe4 Security Awareness Training is a human risk management software from KnowBe4. A security vulnerability exists in KnowBe4 Security Awareness Training versions prior to 2020-01-10, which stems from an unvalidated target URL resulting in an insecure redirection feature...

CVSS 6.1 | AI score 6.6 | EPSS 0.00161
Exploits: 1 | References: 1
PyPA
added 2025/03/20 10:15 a.m. | 5 views

PYSEC-2025-98

A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability allows an attacker to construct a response link by saving the response in a folder named after the SHA-1 hash of the target URL. This enables the attacker to access th...

CVSS 6.5 | AI score 6.8 | EPSS 0.0031
Exploits: 1 | References: 1 | Affected Software: 1
GithubExploit
added 2025/02/19 8:13 a.m. | 470 views

Exploit for Uncontrolled Resource Consumption in Ietf Http

CVE-2023-44487 POC for CVE-2...

CVSS 7.5 | AI score 7.3 | EPSS 0.944
Exploits: 19