91 matches found
CVE-2025-61669
Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler.redirect_safe, which allows redirects to arbitrary external domains via values such as ///example.com. An...
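The ///example.com value in the entry above defeats the common "is this URL relative?" check because Python's urllib treats a third leading slash as the start of the path, while browsers collapse it to a scheme-relative //example.com. The following is an added illustration, not code from Jupyter Server or the advisory: a naive urljoin-based check that accepts the bypass next to a strict same-origin path rule that rejects it (the base URL and the attacker values are constructed for the demo).

```python
import re
from urllib.parse import urljoin, urlparse

BASE = "https://jupyter.internal"  # constructed base origin for the demo

# Constructed ?next= values an attacker might send (not taken from the advisory).
ATTACKER_VALUES = [
    "///example.com",            # urllib: empty netloc, path '/example.com'; browser: //example.com
    "/\\example.com",            # browsers treat '\' as '/' in http(s) URLs
    "\\\\example.com",           # same trick, two backslashes
    "//example.com",             # plain scheme-relative URL
    "https://example.com/",      # absolute URL
    "/tree\r\nSet-Cookie: a=b",  # CRLF aimed at the Location header
]


def naive_is_safe(next_url: str, base: str = BASE) -> bool:
    """Vulnerable pattern: resolve against the base and compare hosts.

    urljoin(base, '///example.com') returns 'https://jupyter.internal/example.com',
    so the host comparison passes even though a browser would leave the site.
    """
    return urlparse(urljoin(base, next_url)).netloc == urlparse(base).netloc


# Strict rule for a same-origin target: exactly one leading '/', not followed by
# another '/' or a backslash, then printable ASCII with no whitespace, control
# characters or backslashes anywhere (0x5c is excluded from the class).
_SAFE_PATH = re.compile(r"/(?![/\\])[\x21-\x5b\x5d-\x7e]*")


def safe_redirect(next_url: str, default: str = "/") -> str:
    """Return next_url only if it is a strictly same-origin path, else the default."""
    if not next_url or not _SAFE_PATH.fullmatch(next_url):
        return default
    return next_url


if __name__ == "__main__":
    for value in ATTACKER_VALUES:
        print(f"{value!r:32} naive={naive_is_safe(value)!s:5} hardened={safe_redirect(value)!r}")
```

Note that the naive check does reject the obvious //example.com and https://example.com/ forms; it is the slash- and backslash-normalisation differences between urllib and browsers that let ///example.com through, which is why the hardened rule matches the string shape directly rather than trusting a parser.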
CVE-2026-25651
client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...
CVE-2020-24700
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial "autoconfig." substring...
Improper Authentication
github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to failure to validate email ownership during the Slack import process, which allows an attacker to create verified user accounts with arbitrary email domains and bypass email-based team...
EUVD-2025-204302
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...
CVE-2025-63386
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...
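The two Dify entries above (EUVD-2025-204302 and CVE-2025-63386 describe the same issue) are the textbook credentialed-CORS mistake: echoing whatever Origin arrives together with Access-Control-Allow-Credentials: true lets any page the victim visits read authenticated responses. The code below is an added example and is not Dify's code: the reflecting header logic beside an exact-match allowlist, plus the check a tester would run with a probe origin they control. The allowlist and probe origin are constructed for the demo.

```python
from typing import Dict

# Constructed allowlist of full origins (scheme + host + optional port); an assumption for the demo.
ALLOWED_ORIGINS = frozenset({"https://console.example"})

CORS_OK = {"Access-Control-Allow-Credentials": "true", "Vary": "Origin"}


def vulnerable_cors_headers(request_origin: str) -> Dict[str, str]:
    """The misconfiguration: reflect any Origin and allow credentials."""
    return {"Access-Control-Allow-Origin": request_origin, **CORS_OK}


def hardened_cors_headers(request_origin: str, allowed=ALLOWED_ORIGINS) -> Dict[str, str]:
    """Echo the Origin only on an exact match against the allowlist.

    Exact match matters: prefix/suffix or regex matching lets
    https://console.example.attacker.test or https://evilconsole.example through,
    and the literal string 'null' must never be allowed with credentials.
    """
    if request_origin in allowed:
        return {"Access-Control-Allow-Origin": request_origin, **CORS_OK}
    return {}  # no CORS headers at all: the browser blocks the cross-origin read


def is_credentialed_reflection(probe_origin: str, response_headers: Dict[str, str]) -> bool:
    """Tester's check: send a probe Origin you control and see whether the response
    echoes it with credentials allowed. True means any site can read this endpoint
    with the victim's cookies."""
    h = {k.lower(): v for k, v in response_headers.items()}
    return (h.get("access-control-allow-origin") == probe_origin
            and h.get("access-control-allow-credentials", "").lower() == "true")


if __name__ == "__main__":
    probe = "https://attacker-probe.invalid"  # constructed probe origin
    print("reflecting policy vulnerable:", is_credentialed_reflection(probe, vulnerable_cors_headers(probe)))
    print("allowlist policy vulnerable: ", is_credentialed_reflection(probe, hardened_cors_headers(probe)))
```

Run the probe against the real endpoint with curl -H 'Origin: https://attacker-probe.invalid' and feed the response headers to is_credentialed_reflection; a hit on a pre-authentication setup endpoint like /console/api/setup is worth reporting even before checking what the response body contains.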
SUSE CVE-2025-41410
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
Open Redirection
@lobehub/chat is vulnerable to Open Redirection. The vulnerability is due to improper validation of X-Forwarded-* and Host headers in the OIDC redirect handling logic, which allows an attacker to inject a malicious host and redirect users to arbitrary domains...
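The client-certificate-auth and @lobehub/chat entries above share a root cause: a redirect target is assembled from the client-controlled Host (or X-Forwarded-*) header, so a request carrying Host: evil.example produces Location: https://evil.example/.... The following is an added example, not code from either project: the vulnerable construction next to a version that accepts only an allowlisted host[:port] and refuses to redirect otherwise. The allowlist is constructed for the demo; the hardened version deliberately ignores X-Forwarded-Host, which should only be honoured when the app sits behind a proxy it trusts to overwrite that header.

```python
import re
from typing import Optional

# Constructed allowlist of host[:port] values this deployment answers for (an assumption).
ALLOWED_HOSTS = frozenset({"app.example", "app.example:8443"})

_HOST_RE = re.compile(r"[a-z0-9.-]+(?::\d{1,5})?")          # bare host, optional port
_PATH_RE = re.compile(r"/(?![/\\])[\x21-\x5b\x5d-\x7e]*")  # same-origin path, no '\', no CR/LF


def naive_https_redirect(host_header: str, path: str) -> str:
    """Vulnerable pattern: upgrade to HTTPS using whatever Host the client sent.
    Host: evil.example  ->  Location: https://evil.example/login
    """
    return f"https://{host_header}{path}"


def hardened_https_redirect(host_header: str, path: str, allowed=ALLOWED_HOSTS) -> Optional[str]:
    """Return a Location value only for an allowlisted Host and a same-origin path.

    Returns None when either check fails so the caller can answer 400 Bad Request
    instead of redirecting. The Host is lower-cased before matching; anything that
    is not a plain host[:port] (userinfo with '@', a path, whitespace, CR/LF) is
    rejected by the regex rather than parsed.
    """
    host = host_header.strip().lower()
    if not _HOST_RE.fullmatch(host) or host not in allowed:
        return None
    if not _PATH_RE.fullmatch(path):
        return None
    return f"https://{host}{path}"


if __name__ == "__main__":
    for host in ["app.example", "App.Example:8443", "evil.example", "app.example@evil.example"]:
        print(f"Host: {host:28} naive={naive_https_redirect(host, '/login')!r:40} "
              f"hardened={hardened_https_redirect(host, '/login')!r}")
```

The same rule serves any Host-derived value, not just HTTPS upgrades: OIDC redirect_uri construction, password-reset links and absolute URLs in e-mails should all start from a configured canonical origin, with the request's Host at most selecting among allowlisted values.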
CVE-2025-41410
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
Missing Authorization
Overview github.com/mattermost/mattermost-server is an open source Slack-alternative in Golang and React. Affected versions of this package are vulnerable to Missing Authorization via the Slack import functionality. An attacker can create verified user accounts with arbitrary email domains by...
CVE-2025-41410 Slack import bypasses email verification for team access controls
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
CVE-2025-41410
Mattermost CVE-2025-41410 affects server versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, and 10.11.x
EUVD-2020-17414
Malware in sbrugna...
EUVD-2021-14089
Malware in sbrugna...
EUVD-2017-16790
Malware in sbrugna...
EUVD-2022-2017
Malicious code in bioql PyPI...
EUVD-2022-49666
Malicious code in bioql PyPI...
CVE-2022-46886
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain...