Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45307

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the issafeurl helper used to validate post-login redirect targets applied urljoinrequest.hosturl, target before parsing, while the controller passed the raw target to redirect. A...

6.1CVSS5.5AI score0.00153EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 6:16 p.m.13 views

CVE-2026-45307

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the issafeurl helper used to validate post-login redirect targets applied urljoinrequest.hosturl, target before parsing, while the controller passed the raw target to redirect. A...

6.1CVSS0.00153EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 5:47 p.m.9 views

CVE-2026-45307

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the issafeurl helper used to validate post-login redirect targets applied urljoinrequest.hosturl, target before parsing, while the controller passed the raw target to redirect. A...

6.1CVSS5.8AI score0.00153EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/28 5:47 p.m.14 views

EUVD-2026-32967

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the issafeurl helper used to validate post-login redirect targets applied urljoinrequest.hosturl, target before parsing, while the controller passed the raw target to redirect. A...

6.1CVSS5.8AI score0.00153EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 5:47 p.m.8 views

CVE-2026-45307 Speakr: Open redirect in is_safe_url via parser mismatch on next parameter

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the issafeurl helper used to validate post-login redirect targets applied urljoinrequest.hosturl, target before parsing, while the controller passed the raw target to redirect. A...

6.1CVSS5.8AI score0.00153EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 5:47 p.m.26 views

CVE-2026-45307

Speakr prior to 0.8.20-alpha is vulnerable to an open redirect via the is_safe_url() helper. The validation used urljoin(request.host_url, target) before parsing, so a scheme-relative input like ////evil.com is resolved to a same-host URL during validation but is emitted verbatim in the Location ...

6.1CVSS5.8AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 5:47 p.m.35 views

CVE-2026-45307 Speakr: Open redirect in is_safe_url via parser mismatch on next parameter

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the issafeurl helper used to validate post-login redirect targets applied urljoinrequest.hosturl, target before parsing, while the controller passed the raw target to redirect. A...

6.1CVSS0.00153EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44459

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the is safe url helper used to validate post-login redirect targets applied urljoinrequest.host url, target before parsing, while the controller passed the raw target to redirect. ...

6.1CVSS5.8AI score0.00153EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Speakr 安全漏洞

Speakr is a self-hosted AI transcription and smart note platform developed by Murtaza Nasir. Versions of Speakr prior to 0.8.20-alpha contained a security vulnerability. This vulnerability stemmed from the use of urljoin before parsing in the issafeurl validation function. The controller directly...

6.1CVSS5.8AI score0.00153EPSS
Exploits0References1
Rows per page
Query Builder