Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to t
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp an
OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely follo
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
CVE-2026-23818
CRITICAL CVSS 9.6
Find Similar
A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the lo
Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such appl
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.
A vulnerability was found in LaChatterie Verger up to 1.2.10. This impacts the function redirectToAuthorization of the file /src/main/services/mcp/oauth/provider.ts. The manipulation of the argument U
Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exp
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vuln
TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the targe
OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers cont
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), version
CVE-2025-48865
CRITICAL CVSS 9.1
Find Similar
Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to a vulnerabil
Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the
bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbi
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to in
Page 1+ Next →