Lucene search
+L

75 matches found

vulnrichment
vulnrichment
added 2025/12/15 11:36 p.m.4 views

CVE-2025-66407 Weblate has Server-Side Request Forgery vulnerability

Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...

5CVSS6.1AI score0.0019EPSS
Exploits0References3
cve
cve
added 2025/11/18 8:55 a.m.11 views

CVE-2025-40545

Affected product: SolarWinds Observability Self-Hosted. Vulnerability: Open redirection due to improper URL sanitization in the application. Root cause / nature: URL handling allows manipulation of the redirect target. Impact (as stated): Potential to redirect users to a malicious site (confident...

4.8CVSS6.4AI score0.00205EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.13 views

EUVD-2021-21684

Malware in sbrugna...

6.1CVSS6.3AI score0.00587EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-4275

Malware in sbrugna...

7.5CVSS7.6AI score0.01408EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1710

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.0206EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/06/14 12:0 a.m.5 views

PT-2025-25468 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an unvalidated URL parameter. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue wa...

6.4AI score
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 7:39 a.m.12 views

CVE-2024-31993

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrapeimage function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the...

6.2CVSS6.5AI score0.00409EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 1:17 a.m.8 views

CVE-2017-1000163

The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks...

6.1CVSS6.8AI score0.0206EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/05/15 12:0 a.m.5 views

WordPress plugin Payment Gateway for Telcell 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.1CVSS6.1AI score0.00464EPSS
Exploits2References1
cve
cve
added 2025/04/15 8:19 p.m.77 views

CVE-2025-32778

CVE-2025-32778 affects Web-Check’s /api/screenshot endpoint. A user-controlled url is passed to a shell command via exec(), enabling command injection that could lead to arbitrary commands on the host. The issue is mitigated by replacing exec() with execFile(), which avoids a shell and properly i...

9.3CVSS7.9AI score0.19761EPSS
In wildExploits4References3
cnnvd
cnnvd
added 2025/03/20 12:0 a.m.5 views

RAGFlow 安全漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version 0.12.0 that originates from an unvalidated URL and could lead to a server-side request forgery attack...

7.5CVSS6.5AI score0.0061EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/03/20 12:0 a.m.5 views

ComfyUI 代码问题漏洞

ComfyUI is one of the most powerful and modular diffusion model GUI and backend from comfyanonymous individual developers. A code issue vulnerability exists in ComfyUI version v0.2.4, which stems from an unvalidated URL and could lead to a server-side request forgery attack...

7.5CVSS7.5AI score0.00703EPSS
Exploits1References1
github
github
added 2024/05/23 5:15 p.m.16 views

Silverstripe XSS in dev/build returnURL Parameter

A XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site. This issue is resolved in framework 3.1.14 stable release...

6AI score
Exploits0References4Affected Software1
osv
osv
added 2024/05/23 5:15 p.m.7 views

GHSA-HQ4P-5MPR-JJ9M Silverstripe XSS in dev/build returnURL Parameter

A XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site. This issue is resolved in framework 3.1.14 stable release...

4.7CVSS6AI score
Exploits0References4
vulnrichment
vulnrichment
added 2024/05/01 12:0 a.m.12 views

CVE-2024-25676

An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading...

7AI score0.00326EPSS
Exploits0References2
vulncheck_kev
vulncheck_kev
added 2023/12/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-0656

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded...

7.5CVSS7.1AI score0.07879EPSS
Exploits2References1
cvelist
cvelist
added 2023/03/03 10:41 p.m.35 views

CVE-2023-26491 RSSHub is vulnerable to cross-site scripting (XSS) via unvalidated URL parameters

RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructe...

5.4CVSS6.3AI score0.00434EPSS
Exploits0References2
susecve
susecve
added 2023/02/15 5:21 a.m.2 views

SUSE CVE-2015-1298

The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtimeapi.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to a...

4.3CVSS8.9AI score0.01328EPSS
Exploits0References3
hackerone
hackerone
added 2022/11/23 5:16 p.m.119 views

Internet Bug Bounty: CVE-2022-45402: Apache Airflow: Open redirect during login

In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's /login endpoint. my initial email to [email protected]: Hi, In Apache Airflow, there is a parameter "next" on the Login page. And after a successful login, we're redirected to this parameter's value. I see...

5.8CVSS6.2AI score0.81836EPSS
Exploits0
nvd
nvd
added 2022/07/14 1:15 p.m.23 views

CVE-2022-28372

On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtcfwupgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file uplo...

7.5CVSS0.00707EPSS
Exploits1References2
Rows per page
Query Builder