UC Gateway Investment SiteEngine v5.0 - Open Redirect

Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action. id: CVE-2008-7269 info: name: UC Gateway Investment SiteEngine v5.0 - Open...

GPT Academic v1.3.9 - Open Redirect

An open redirect vulnerability exists in GPT Academic v1.3.9, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-10812 info: name:...

XWiki - Open Redirect

XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0. id: CVE-2023-32068 info: name: XWiki - Open Redirect author:...

Telaen => v1.3.1 - Open Redirect

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. id: CVE-2013-2621 info: name: Telaen = v1.3.1 - Open Redirect author: ctflearner severity: medium description: | Open Redirection...

EpiServer Find <13.2.7 - Open Redirect

EpiServer Find before 13.2.7 contains an open redirect vulnerability via the tredirect parameter in a crafted URL, such as a /findv2/click URL. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...

Stable Diffusion Webui 1.10.0 - Open Redirect

An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...

Travel scams are everywhere. Here&#8217;s how to avoid them

Planning a holiday should be exciting, fun, and not a cybersecurity risk. But booking flights, hotels, and rental properties often means sharing sensitive personal and financial information across multiple platforms. Combined with frequent travel scams and recurring data breaches in the travel an...

Gradio - Open Redirect

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...

Malicious Package

Overview fflc-updated is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

Malicious Package

Overview ishowfeet1 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...

Malicious Package

Overview speed4 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

Malicious Package

Overview ratelimitsucks is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

Malicious Package

Overview nottuff26 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

Malicious Package

Overview backupsitetuff9 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

Malicious Package

Overview ratelimitsucks10 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

Malicious Package

Overview sixseven3 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

Malicious Package

Overview sixseven5 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

Malicious Package

Overview abuden21 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

Malicious Package

Overview ratelimitsucks2 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

Malicious Package

Overview backupgenuine-updated is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generat...