Lucene search
K

4 matches found

NVD
NVD
added 2025/11/07 5:15 p.m.7 views

CVE-2025-63784

An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...

6.5CVSS0.00408EPSS
Exploits1References2
OSV
OSV
added 2025/11/07 5:15 p.m.7 views

CVE-2025-63784

An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...

6.5CVSS5.9AI score0.00408EPSS
Exploits1References2
NVD
NVD
added 2025/11/07 4:15 p.m.9 views

CVE-2025-63783

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

7.6CVSS0.00284EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/07 12:0 a.m.4 views

CVE-2025-63783

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

6.3AI score0.00284EPSS
Exploits1References2
Rows per page
Query Builder