53 matches found
PT-2026-39677
Summary: The programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and...
GHSA-9857-6MW7-FQ2M gix-transport: HTTP credentials leaked to redirected host in curl backend
Summary: The curl-based HTTP transport in gix-transport sends user credentials (passwords, tokens) to an attacker-controlled server after an HTTP redirect. When a server responds with a 302 redirect during the initial GET /info/refs, gitoxide records the redirected base URL and rewrites all subseque...
CVE-2001-1545
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing...
EUVD-2009-1201
Malware in sbrugna...
EUVD-2001-1522
Malware in sbrugna...
EUVD-2013-1053
Malware in sbrugna...
EUVD-2014-6053
Malware in sbrugna...
EUVD-2025-6734
Malicious code in bioql PyPI...
CVE-2025-6429 Incorrect parsing of URLs could have allowed embedding of youtube.com
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Firefox 140, Firefox E...
CVE-2025-0431
Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of...
CVE-2025-0431
Proofpoint Enterprise Protection contains a vulnerability in URL rewriting where improper filtering of backslashes in URLs can allow an unauthenticated remote attacker to send an email that bypasses URL protections, affecting recipient email integrity. Affected are all 8.21, 8.20, and 8.18 branch...
CVE-2025-0431 Enterprise Protection Backslash URL Rewrite Bypass
Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of...
Exploit for HTTP Request Smuggling in Apache Http_Server
CVE 2023 25690 - Proof of Concept Published: 7 March 2023...
SUSE CVE-2009-0788
Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors...
CVE-2022-39298
MelisFront (melis-front) on Melis Platform contains a deserialization of untrusted data vulnerability that enables arbitrary PHP code execution. The issue affects affected versions of melisplatform/melis-front and can be exploited without authentication. The root cause is deserializing user-contr...
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server Version 7.0.0.37
Summary: Cross-reference list for security vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.37, IBM WebSphere Application Server Hypervisor 7.0.0.37 and IBM HTTP Server 7.0.0.37. Vulnerability Details: CVE ID: CVE-2014-6167, APAR PI23819. DESCRIPTION: IBM WebSphere Application Server may ...
GHSA-V6XV-RMQC-WCC8 Typo3 Open Redirect In Frontend Rendering
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2 allows remote attackers to change URLs to arbitrary domains. An attacker could forge a request which modifies anchor-only links on the homepage of a TYPO3 installation such that...
Typo3 Open Redirect In Frontend Rendering
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2 allows remote attackers to change URLs to arbitrary domains. An attacker could forge a request which modifies anchor-only links on the homepage of a TYPO3 installation such that...
Design/Logic Flaw
In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings...