Github Security Blog
added 2026/05/15 4:21 p.m., 7 views

SimpleSAMLphp casserver: Open Redirect in logout

Summary The logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. There are a number of other things broke...

CVSS 6.1 | AI score 5.8 | EPSS 0.00269
Exploits 1 | References 6 | Affected Software 1
Positive Technologies
added 2026/05/15 12:0 a.m., 8 views

PT-2026-41385

Name of the Vulnerable Software and Affected Versions SimpleSAMLphp-casserver versions prior to 6.3.1 SimpleSAMLphp-casserver versions prior to 7.0.0 Description The logout endpoint accepts a url query parameter for redirection. The server treats this URL as trusted and, depending on the...

CVSS 6.1 | AI score 5.8 | EPSS 0.00269
Exploits 1 | References 13
Vulnrichment
added 2026/05/14 8:12 p.m., 11 views

CVE-2026-44661 python-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

CVSS 4.7 | AI score 5.8 | EPSS 0.00168
Exploits 0 | References 1
Cvelist
added 2026/05/08 11:24 a.m., 32 views

CVE-2026-3318 Multiple vulnerabilities in Cradle e-commerce

Open redirection vulnerability in the latest demo version of the Cradle eCommerce platform. The vulnerability occurs in the login form endpoint, where the ‘returnUrl’ parameter allows redirection because the web application accepts a URL as a parameter without properly validating it. As a result,...

CVSS 5.3 | EPSS 0.00339
Exploits 0 | References 1
Snyk
added 2024/09/09 3:40 p.m., 3 views

Improper Validation of Unsafe Equivalence in Input

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the srcset attribute, which allows bypassing the imgSrcSanitizationTrustedUrlList allowlist. An attacke...

CVSS 6.3 | AI score 6.8 | EPSS 0.00574
Exploits 1 | References 2
Japan Vulnerability Notes
added 2021/04/09 8:16 a.m., 2 views

Multiple vulnerabilities in multiple Aterm products

Overview Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2021-20680 OS command injection via UPnP CWE-78 - CVE-2014-8361 CVE-2021-20680 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this...

CVSS 10 | AI score 7.6 | EPSS 0.99975
Exploits 6 | References 8
CNVD
added 2017/02/21 12:0 a.m., 2 views

Apple Safari Open Redirect Vulnerability

Apple Safari is a web browser developed by Apple, Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in Apple Safari versions prior to 10.0.3. The vulnerability can be exploited by an attacker to spoof a trusted web source URL a...

CVSS 6.5 | AI score 6.4 | EPSS 0.01335
Exploits 0 | References 1