Lucene search
+L

9890 matches found

Cvelist
Cvelist
added 2026/06/23 10:9 p.m.31 views

CVE-2026-54588 Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction.

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled HTTPHOST request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An...

9.6CVSS0.00312EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 10:9 p.m.7 views

CVE-2026-54588

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled HTTPHOST request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An...

9.6CVSS6AI score0.00312EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/23 9:16 p.m.11 views

CVE-2026-46553

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NCATTACHMENTFIELDSIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...

5.3CVSS0.0024EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 9:16 p.m.9 views

CVE-2026-46547

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...

6.1CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:42 p.m.32 views

CVE-2026-46547 NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...

6.1CVSS0.00156EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:18 p.m.19 views

CVE-2026-54009

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the...

6.5CVSS0.00225EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/06/23 5:33 p.m.16 views

Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS

Summary The Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with p.AllowURLSchemes"data" which permits all data URI schemes...

6.4CVSS6.1AI score0.00677EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:49 p.m.5 views

CVE-2026-54009

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the...

6.5CVSS5.9AI score0.00225EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 4:49 p.m.50 views

CVE-2026-54009 Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the...

6.5CVSS0.00225EPSS
Exploits1References1
NVD
NVD
added 2026/06/22 9:16 p.m.13 views

CVE-2026-41479

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported responsetype and supplies an attacker-controlled redirecturi. The...

5.4CVSS0.0016EPSS
Exploits1References2
CVE
CVE
added 2026/06/22 8:35 p.m.32 views

CVE-2026-41479

Authlib’s OAuth 2.0 authorization endpoint is vulnerable to an unauthenticated open redirect when an unsupported response_type is requested and a attacker-controlled redirect_uri is supplied. This occurs before client lookup and any redirect_uri validation, allowing a single request to yield a 30...

5.4CVSS6AI score0.0016EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 8:35 p.m.31 views

CVE-2026-41479 Authlib OAuth 2.0 authorization endpoint open redirects to attacker-controlled redirect_uri on unsupported response_type

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported responsetype and supplies an attacker-controlled redirecturi. The...

5.4CVSS0.0016EPSS
Exploits1References2
NVD
NVD
added 2026/06/22 2:17 p.m.17 views

CVE-2026-56425

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

9.3CVSS0.00258EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 12:25 p.m.26 views

CVE-2026-56425

CVE-2026-56425 affects the AAD authentication plugin for MISP (OAuth 2.0). The vulnerability stems from using session_id() as the OAuth state parameter, lack of session rotation after login, no dedicated nonce for the state, and not enforcing HTTPS for the redirect URI. Additional issue: OAuth er...

9.3CVSS5.9AI score0.00258EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:0 a.m.4 views

CVE-2025-66389

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...

5.9AI score0.00853EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.10 views

Amazon Linux 2023 : python3-mako (ALAS2023-2026-1846)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1846 advisory. Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an...

8.7CVSS5.9AI score0.00361EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51297

Name of the Vulnerable Software and Affected Versions GitHub Copilot version 1.372.0 Description An issue exists where the software allows filesystem access outside of a workspace folder without user approval. This occurs via a file-handler URI parameter used in the fetch webpage function. This...

7.5CVSS5.8AI score0.00853EPSS
Exploits1References6
Mageia
Mageia
added 2026/06/18 9:28 p.m.17 views

Updated libupnp packages fix security vulnerability

Port truncation via atoi cast in parseuri allows SSRF port confusion. CVE-2026-41682...

6.9CVSS5.2AI score0.00346EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.7 views

Siemens RUGGEDCOM RST2428P Integer Overflow or Wraparound (CVE-2025-13601)

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

7.7CVSS6.8AI score0.00313EPSS
Exploits1References4
CVE
CVE
added 2026/06/17 7:59 p.m.20 views

CVE-2026-48822

Shaarli (versions ≤ 0.16.1) contains a stored XSS in the Bookmark Description field when a malicious javascript: URI is injected via Markdown reference links. The root cause is in BookmarkMarkdownFormatter.php: filterProtocols uses a regex that catches inline links but does not inspect Markdown r...

5.8CVSS5.4AI score0.0012EPSS
Exploits0References2
Rows per page
Query Builder