5 matches found
EUVD-2026-4870
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect open redirect vulnerability exists in NocoDB’s login flow due to missing validation of the continueAfterSignIn parameter. During authentication, NocoDB processes a user-controlled redirect...
UBUNTU-CVE-2025-67713
Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirecturl as safe when url.Parse....IsAbs is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to...
CVE-2025-67713
Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirecturl as safe when url.Parse....IsAbs is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to...
CVE-2025-67713 Miniflux 2 has an Open Redirect via protocol-relative `redirect_url`
Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirecturl as safe when url.Parse....IsAbs is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to...
CVE-2025-67713
Miniflux 2 has an Open Redirect due to protocol-relative redirect_url handling. Versions 2.2.14 and earlier treat redirect_url as safe if url.Parse(...).IsAbs() is false, allowing post-login redirects to attacker-controlled sites (e.g., protocol-relative URLs like //ikotaslabs.com). This is fixed...