3 matches found
EUVD-2026-26385
A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
DEBIAN-CVE-2025-67713
Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirecturl as safe when url.Parse....IsAbs is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to...
CVE-2025-67713
Miniflux 2 has an Open Redirect due to protocol-relative redirect_url handling. Versions 2.2.14 and earlier treat redirect_url as safe if url.Parse(...).IsAbs() is false, allowing post-login redirects to attacker-controlled sites (e.g., protocol-relative URLs like //ikotaslabs.com). This is fixed...