Lucene search
K

108917 matches found

EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44515

A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcpgetComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack ma...

7.5CVSS6.3AI score
Exploits0References7
EUVD
EUVD
added yesterday11 views

EUVD-2026-36132

Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges...

8.6CVSS6.1AI score0.00269EPSS
Exploits1References2
CVE
CVE
added yesterday2 views

CVE-2026-58478

SIP 5.2.16 has a server-side request forgery (SSRF) vulnerability when the optional Node-RED plugin is installed. An unauthenticated attacker can supply a malicious callback URL and cause the device to issue arbitrary HTTP requests due to lack of destination validation, aided by the default passp...

6.5CVSS6.2AI score
Exploits2References2Affected Software1
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-48978

A flaw was found in oras-go. The auth.Client in oras-go does not properly validate the scheme or host of the realm URL provided in a registry's WWW-Authenticate: Bearer challenge. A remote attacker, operating a malicious registry or performing a man-in-the-middle attack, could exploit this to...

3.1CVSS6AI score
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-53539

A flaw was found in Python-Multipart, a streaming multipart parser. A remote attacker can exploit this vulnerability by submitting a specially crafted application/x-www-form-urlencoded body. This can cause the QuerystringParser to perform inefficient processing, leading to excessive CPU...

7.5CVSS6.1AI score0.00263EPSS
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-43638

Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...

9.1CVSS6.1AI score0.00156EPSS
Exploits0References1
CVE
CVE
added yesterday32 views

CVE-2026-59083

Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...

9.1CVSS6.1AI score0.00156EPSS
Exploits0References2Affected Software1
Nuclei
Nuclei
added yesterday15 views

Ozette Plugins - Cross-Site Request Forgery

An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...

8.8CVSS7AI score0.0161EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday107 views

MooSocial 3.1.8 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability exisits in the dataredirecturl parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL. id: CVE-2023-43325 info: name: MooSocial 3.1.8 - Cross-Sit...

6.1CVSS6.4AI score0.01857EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday26 views

WordPress StageShow <5.0.9 - Open Redirect

WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshowredirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter. id: CVE-2015-5461 info: name:...

6.4CVSS6.2AI score0.06283EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday12 views

MajorDoMo - Cross-Site Scripting

MajorDoMo contains a reflected XSS caused by unsanitized $qry parameter in command.php, letting attackers inject arbitrary JavaScript via crafted URLs, exploit requires victim to visit malicious URL. id: CVE-2026-27176 info: name: MajorDoMo - Cross-Site Scripting author: DhiyaneshDk severity:...

6.1CVSS6.2AI score0.00449EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday18 views

FastChat - Open Redirect

Detects an open redirect vulnerability in lm-sys/fastchat version 0.2.36, which allows attackers to redirect users to malicious URLs. id: CVE-2024-10908 info: name: FastChat - Open Redirect author: DhiyaneshDK severity: medium description: | Detects an open redirect vulnerability in lm-sys/fastch...

6.1CVSS6.4AI score0.0077EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday99 views

Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS)

It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attacker’s JavaScript code in the context of the victim’s browser. If the Calibre server is running with...

6.1CVSS6.3AI score0.2406EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday38 views

UC Gateway Investment SiteEngine v5.0 - Open Redirect

Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action. id: CVE-2008-7269 info: name: UC Gateway Investment SiteEngine v5.0 - Open...

5.8CVSS6.2AI score0.09254EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday69 views

Telaen => v1.3.1 - Open Redirect

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. id: CVE-2013-2621 info: name: Telaen = v1.3.1 - Open Redirect author: ctflearner severity: medium description: | Open Redirection...

6.1CVSS6.5AI score0.10692EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday148 views

Odoo <= 8.0-20160726 & 9.0 - Open Redirect

An Open Redirect vulnerability in Odoo versions = 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL. id: CVE-2017-5871 info: name: Odoo = 8.0-20160726 & 9.0 - Open Redirect author: 1337rokudenashi severity: medium description: | An Open...

5.8CVSS6.2AI score0.02676EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday59 views

Post Sync Plugin <= 1.1 - Cross-Site Scripting

Post Sync WordPress plugin = 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a maliciou...

6.1CVSS7AI score0.0061EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday29 views

iboss Secure Web Gateway - Stored Cross-Site Scripting

A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...

6.1CVSS5.3AI score0.22002EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday40 views

Widget4Call WordPress - Cross-Site Scripting

Widget4Call WordPress plugin = 1.0.7 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13099 info: name:...

5.4CVSS7.2AI score0.00674EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday12 views

DedeCMS - Open Redirect via download.php

Dedecms 5.71sp1 and earlier contain a URL redirect caused by a logic error that does not properly validate GET request input, letting attackers redirect users to arbitrary URLs, exploit requires sending crafted GET requests. id: CVE-2024-57241 info: name: DedeCMS - Open Redirect via download.php...

6.5CVSS6.2AI score0.01125EPSS
Exploits0References2
Rows per page
Query Builder