38 matches found
External Control Of System Or Configuration Setting
Taguette is vulnerable to External Control of System or Configuration Setting. The vulnerability is due to improper validation in the password reset functionality, which allows an attacker to craft a malicious reset link that, when clicked by the victim, enables unauthorized control over the...
CVE-2025-67502
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without an...
CVE-2025-67502
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without an...
Taguette Input Validation Error Vulnerability
Taguette is a qualitative research tool by the individual developer Remi Rampin. An input validation error vulnerability exists in Taguette 1.5.1 and prior versions, which stems from insufficient validation of the next parameter and could lead to phishing attacks...
CVE-2025-67502 Taguette does not safeguard against Open Redirect
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without an...
CVE-2025-67502 Taguette does not safeguard against Open Redirect
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without an...
CVE-2025-67502
CVE-2025-67502 affects Taguette, an open source qualitative research tool. Technical details across connected sources show an open redirect in versions 1.5.1 and earlier, where a user-controlled “next” parameter in login or cookies redirects is used without validation. This allows an attacker to ...
CVE-2025-67502 Taguette does not safeguard against Open Redirect
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without an...
Open Redirect
Overview: taguette is a Free and open source qualitative research tool. Affected versions of this package are vulnerable to Open Redirect via the next parameter in the login and cookies prompt processes. An attacker can redirect users to arbitrary external websites by crafting malicious URLs...
Open Redirect Vulnerability in Taguette
Summary: An Open Redirect vulnerability exists in Taguette that allows attackers to craft malicious URLs that redirect users to arbitrary external websites after authentication. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance b...
EUVD-2025-201930
Open Redirect Vulnerability in Taguette...
GHSA-5923-R76V-MPRM Open Redirect Vulnerability in Taguette
Summary: An Open Redirect vulnerability exists in Taguette that allows attackers to craft malicious URLs that redirect users to arbitrary external websites after authentication. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance b...
PT-2025-50295
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without an...
CVE-2025-62527
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been...
CVE-2025-62528
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
Cross-site Scripting (XSS)
Overview: taguette is a Free and open source qualitative research tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the tag name, tag description, document name and document description. An attacker can execute arbitrary JavaScript code in the context of another...
External Control of System or Configuration Setting
Overview: taguette is a Free and open source qualitative research tool. Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the post function in the web/views.py file. An attacker can gain unauthorized access to user accounts by crafting a...
GHSA-G9QW-G6RV-3889 Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description
Impact: An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. Patches: Users should upgrade to Taguette 1.5.0. References -...
PYSEC-2025-187
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been...
PYSEC-2025-188
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...