30 matches found
EUVD-2026-37586
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the edit_posts...
EUVD-2018-13380
Malware in sbrugna...
EUVD-2025-26391
Malicious code in bioql PyPI...
EUVD-2025-25913
Malicious code in bioql PyPI...
Open Redirection
google_sign_in is vulnerable to Open Redirection. The vulnerability arises because the proceed_to session value accepts protocol-relative URLs, which can be set via a malicious form submission, allowing an attacker to redirect users to another origin...
Open Redirect
google_sign_in is vulnerable to open redirect. The vulnerability is due to improper validation of crafted URLs that bypass the "same origin" check, which allows an attacker to redirect users to a malicious origin and potentially chain it with arbitrary data injection into session cookies...
CVE-2025-58067
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...
Open Redirect
Overview: google_sign_in is a Sign in (or up) with Google for Rails applications. Affected versions of this package are vulnerable to Open Redirect via the proceed_to value in the session store when it is set to a protocol-relative URL. An attacker can redirect users to an unintended origin by submittin...
CVE-2025-58067
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...
CVE-2025-58067 Basecamp's Google Sign-In for Rails allowed redirects to protocol-relative URI
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...
CVE-2025-58067
CVE-2025-58067 affects Basecamp’s google_sign_in gem for Rails before 1.3.1. The issue allows a redirect to another origin when the session key proceed_to is a protocol-relative URL, potentially set by a malicious site via form submission and then used in an OAuth2 request. The vulnerability reli...
CVE-2025-58067 Basecamp's Google Sign-In for Rails allowed redirects to protocol-relative URI
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...
CVE-2025-58067 Basecamp's Google Sign-In for Rails allowed redirects to protocol-relative URI
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...
GHSA-5JCH-XHW4-R43V Google Sign-In for Rails allowed redirect to protocol-relative URI
Summary: It is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Details: The google_sign_in gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...
Google Sign-In for Rails allowed redirect to protocol-relative URI
Summary: It is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Details: The google_sign_in gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...
Google Sign-In for Rails Input Validation Error Vulnerability
Google Sign-In for Rails is Basecamp's open source software for signing in using Google for Rails applications. An input validation error vulnerability exists in Google Sign-In for Rails versions prior to 1.3.1, which stems from the possibility that the proceed_to value could be redirected to...
PT-2025-35317
Name of the Vulnerable Software and Affected Versions: Basecamp's google sign in gem versions prior to 1.3.1 Description: The gem persists a URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly passes the "same origin" check, potentially redirecti...
Google Sign-In for Rails allowed redirect to protocol-relative URI
Summary: It is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Details: The google_sign_in gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...
Open Redirect
Overview: google_sign_in is a Sign in (or up) with Google for Rails applications. Affected versions of this package are vulnerable to Open Redirect via the ensure_same_origin function in the redirect_protector.rb file. An attacker can cause users to be redirected to an attacker-controlled origin by...
GHSA-7PWC-WH6M-44Q3 Google Sign-In for Rails allowed redirects to malformed URLs
Summary: It is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Details: The google_sign_in gem persists an optional URL for redirection after authentication. If this URL is malformed, it's possible for the user to be...