CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-40557

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00291EPSS

Exploits1References1

RedhatCVE•added 2025/08/31 9:32 p.m.•1 views

CVE-2025-58067

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...

4.2CVSS6.5AI score0.00059EPSS

Exploits0References1

CVE•added 2025/08/29 9:5 p.m.•9 views

CVE-2025-58067

CVE-2025-58067 affects Basecamp’s google_sign_in gem for Rails before 1.3.1. The issue allows a redirect to another origin when the session key proceed_to is a protocol-relative URL, potentially set by a malicious site via form submission and then used in an OAuth2 request. The vulnerability reli...

4.2CVSS6.1AI score0.00059EPSS

Vulnrichment•added 2025/08/29 9:5 p.m.•1 views

CVE-2025-58067 Basecamp's Google Sign-In for Rails allowed redirects to protocol-relative URI

4.2CVSS5.9AI score0.00059EPSS

Positive Technologies•added 2025/08/29 12:0 a.m.•3 views

PT-2025-35317

Name of the Vulnerable Software and Affected Versions: Basecamp's google sign in gem versions prior to 1.3.1 Description: The gem persists a URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly passes the "same origin" check, potentially redirecti...

4.2CVSS6.2AI score0.00059EPSS

Exploits0References12

NVD•added 2025/08/27 5:15 p.m.•0 views

CVE-2025-57821

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a...

4.2CVSS0.00059EPSS

CVE•added 2025/08/27 4:32 p.m.•10 views

CVE-2025-57821

CVE-2025-57821 concerns Basecamp’s Google Sign-In for Rails. Before v1.3.0, a malformed redirect URL can bypass the same-origin check, allowing redirects to an attacker-controlled origin. If Rails apps store flash data in a session cookie, this can be chained with an attack that injects arbitrary...

4.2CVSS6.9AI score0.00059EPSS

Cvelist•added 2025/08/27 4:32 p.m.•6 views

CVE-2025-57821 Basecamp's Google Sign-In for Rails allowed redirects to a malformed URL

4.2CVSS0.00059EPSS

OSV•added 2025/08/27 4:32 p.m.•2 views

CVE-2025-57821 Basecamp's Google Sign-In for Rails allowed redirects to a malformed URL

4.2CVSS6.7AI score0.00059EPSS

Exploits0References6

Positive Technologies•added 2025/08/27 12:0 a.m.•4 views

PT-2025-34903 · Rails +1 · Rails +1

Name of the Vulnerable Software and Affected Versions: Basecamp Google Sign-In versions prior to 1.3.0 Description: A malformed URL can bypass the "same origin" check, potentially redirecting users to an unintended origin. This issue affects Rails applications using the library and storing flash...

4.2CVSS6.4AI score0.00059EPSS

Exploits0References15

CNNVD•added 2025/08/27 12:0 a.m.•1 views

Basecamp 输入验证错误漏洞

Basecamp is a project management software from Basecamp, Inc. An input validation error vulnerability exists in Basecamp versions prior to 1.3.0 that stems from improper URL validation and could lead to redirection attacks...

4.2CVSS6.3AI score0.00059EPSS

Exploits0References5

OSV•added 2025/08/14 6:52 p.m.•1 views

MAL-2025-34308 Malicious code in sycamore-integration-basecamp (npm)

The package sycamore-integration-basecamp was found to contain malicious code...

7.2AI score

OSSF Malicious Packages•added 2025/08/14 6:52 p.m.•3 views

Malicious code in sycamore-integration-basecamp (npm)

The package sycamore-integration-basecamp was found to contain malicious code...

RedhatCVE•added 2025/05/23 4:1 a.m.•5 views

CVE-2023-36612

Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses containing...

7.5CVSS6.9AI score0.00291EPSS

Exploits1

Hacker One•added 2024/06/16 8:2 a.m.•83 views

Basecamp: Path traversal in deeplink query parameter can expose any user's private info to a public directory (one click)

The Basecamp mobile application was found to be vulnerable to a path traversal issue. By crafting a malicious deeplink with a specific "filename" parameter, an attacker could force the application to save user data to any directory on the device, including locations accessible to other applicatio...

Hacker One•added 2024/05/23 10:57 a.m.•65 views

Basecamp: Account takeover via insecure intent handling

The Basecamp app was vulnerable to account takeover due to insecure intent handling. A malicious app installed on the same device could obtain the user's Oauth2 token and take over their account...

Openbugbounty•added 2024/01/11 5:49 p.m.•3 views

basecampadventurepark.ie Improper Access Control vulnerability OBB-3832123

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Hacker One•added 2023/08/13 2:16 p.m.•33 views

Basecamp: AWS keys and user cookie leakage via uninitialized memory leak in outdated librsvg version in Basecamp

Sensitive data, including AWS keys and user cookies, could be leaked due to an uninitialized memory leak in an outdated version of librsvg used by Basecamp. This vulnerability allowed an attacker to upload a specially crafted SVG image as an avatar, triggering the memory leak. By extracting...

6.6AI score