
12 matches found

ATTACKERKB
added 2026/03/09 12:0 a.m. · 4 views

CVE-2025-70037

An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code...

AI score: 6 · EPSS: 0.00206
Exploits: 0 · References: 4

The Hacker News
added 2025/10/30 10:16 a.m. · 22 views

PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines. The campaign has been codenamed...

AI score: 7.6
Exploits: 0

NVD
added 2025/09/03 6:15 p.m. · 3 views

CVE-2025-20291

A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrusted website. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability exist...

CVSS: 6.1 · EPSS: 0.00219
Exploits: 0 · References: 1

Cvelist
added 2025/09/03 5:41 p.m. · 8 views

CVE-2025-20291

A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrusted website. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability exist...

CVSS: 4.3 · EPSS: 0.00219
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:46 a.m. · 10 views

CVE-2024-28335

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

CVSS: 9.1 · AI score: 6.9 · EPSS: 0.00842
Exploits: 0 · References: 1

Github Security Blog
added 2024/10/28 6:31 p.m. · 8 views

Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect')

Summary: An issue on Coder's login page allows attackers to craft a Coder URL that when clicked by a logged in user could redirect them to a website the attacker controls, e.g. https://google.com. Details: On the login page, Coder checks for the presence of a redirect query parameter. On successful...

AI score: 7.1
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/03/26 12:0 a.m. · 18 views

PT-2024-22395 · Lektor · Lektor

Name of the Vulnerable Software and Affected Versions: Lektor versions prior to 3.3.11 Description: The issue concerns the lack of sanitization of database path traversal in Lektor. This allows shell commands to be executed via a file added to the templates directory under specific conditions. Th...

CVSS: 9.3 · AI score: 7.3 · EPSS: 0.00842
Exploits: 0 · References: 18

SUSE CVE
added 2023/02/15 6:14 a.m. · 18 views

SUSE CVE-2006-3331

Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks...

CVSS: 5 · AI score: 6.9 · EPSS: 0.03513
Exploits: 0 · References: 4

CNVD
added 2021/04/02 12:0 a.m. · 5 views

Elastic EpiServer Find Arbitrary Redirection Vulnerability

Elastic EpiServer Find is an open source application from Elastic. A search engine that enables developers to build great search experiences on websites, Intranet and almost any type of system with text content. An arbitrary redirection vulnerability in EpiServer Find versions prior to 13.2.7 c...

CVSS: 6.1 · AI score: 6.7 · EPSS: 0.0474
Exploits: 1 · References: 1

BDU FSTEC
added 2020/03/13 12:0 a.m. · 4 views

The vulnerability of the mod_rewrite function in the Apache HTTP Server allows attackers to gain unauthorized access to confidential information or compromise the integrity of that information.

The vulnerability of the mod_rewrite function in the Apache HTTP Server relates to the redirection of URLs to an unreliable website. Exploiting this vulnerability can allow attackers to gain unauthorized access to confidential information or affect the integrity of that information through special...

CVSS: 6.1 · AI score: 6.5 · EPSS: 0.73981
Exploits: 1 · References: 8 · Affected Software: 7

Hacker One
added 2020/01/28 11:44 a.m. · 192 views

Insolar: XDSI(Cross Domain Script Inclusion)

Summary: As I did not get the proper CWE id over id to add but the proper CWE id is 829: The page includes one or more script files from a third-party domain. Here you are including in your website, someone else's code; You don't have any control over what is in that code, and you don't have any...

AI score: 6.7
Exploits: 0

Prion
added 2017/04/12 2:59 p.m. · 16 views

Information disclosure

The Adobe Type Manager Font Driver ATMFD.dll in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially...

CVSS: 4.3 · AI score: 4.4 · EPSS: 0.06034
Exploits: 0 · References: 3 · Affected Software: 3