Lucene search
K

101 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:9 a.m.2 views

CVE-2024-56734

Better Auth is an authentication library for TypeScript. An open redirect vulnerability has been identified in the verify email endpoint of all versions of Better Auth prior to v1.1.6, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on emai...

7.9CVSS7.1AI score0.00388EPSS
Exploits1References1
NVD
NVD
added 2025/04/06 8:15 p.m.50 views

CVE-2025-32013

LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery SSRF vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...

9.3CVSS0.00628EPSS
Exploits2References1
OSV
OSV
added 2025/04/06 8:7 p.m.18 views

CVE-2025-32013 Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System

LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery SSRF vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...

9.3CVSS6.8AI score0.00628EPSS
Exploits2References3
CVE
CVE
added 2025/04/06 8:7 p.m.80 views

CVE-2025-32013

CVE-2025-32013 affects LNbits LNURL authentication handling. The SSRF occurs when the server processes a callback URL: it issues an HTTP request to the provided URL with redirects enabled via httpx and does not adequately validate the callback, enabling an attacker to target internal network addr...

9.3CVSS6.8AI score0.00628EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/06 12:0 a.m.5 views

PT-2025-15123 · Lnbits +1 · Lnbits +1

Name of the Vulnerable Software and Affected Versions: LNbits affected versions not specified Description: A Server-Side Request Forgery SSRF issue has been found in LNbits' LNURL authentication handling functionality. This occurs because the application does not properly validate the callback UR...

9.3CVSS6.2AI score0.00628EPSS
Exploits2References17
NVD
NVD
added 2025/02/24 11:15 p.m.17 views

CVE-2025-27143

Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While...

6.9CVSS0.00324EPSS
Exploits0References5
OSV
OSV
added 2025/02/24 10:16 p.m.10 views

CVE-2025-27143 Beter Auth has an Open Redirect via Scheme-Less Callback Parameter

Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While...

6.9CVSS6.5AI score0.00324EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/02/24 10:16 p.m.18 views

CVE-2025-27143 Beter Auth has an Open Redirect via Scheme-Less Callback Parameter

Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While...

6.9CVSS0.00324EPSS
Exploits0References5
CVE
CVE
added 2025/02/24 10:16 p.m.84 views

CVE-2025-27143

CVE-2025-27143 – Better Auth open redirect . The flaw affects Better Auth (TypeScript) prior to v1.1.21, where the email verification endpoint (and any endpoint accepting a callback URL) fails to validate scheme-less URLs, allowing the browser to treat them as fully qualified URLs. This enables a...

6.9CVSS7AI score0.00324EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/02/24 8:49 p.m.2 views

GHSA-VP58-J275-797X Better Auth allows bypassing the trustedOrigins Protection which leads to ATO

Summary A bypass was discovered in the trustedOrigins validation logic—affecting both absolute URL entries and wildcard domain patterns. This flaw allows an attacker to construct a malicious callbackURL that passes origin checks and triggers an open redirect. Because redirect endpoints include...

7.1CVSS5.9AI score
Exploits0References4
OSV
OSV
added 2025/02/24 6:27 p.m.3 views

GHSA-HJPM-7MRM-26W8 Beter Auth has an Open Redirect via Scheme-Less Callback Parameter

Summary The application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While the server blocks fully qualified URLs e.g., https://evil.com, it incorrectly allows...

6.9CVSS5.9AI score0.00324EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/02/24 6:27 p.m.18 views

Beter Auth has an Open Redirect via Scheme-Less Callback Parameter

Summary The application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While the server blocks fully qualified URLs e.g., https://evil.com, it incorrectly allows...

6.9CVSS7AI score0.00324EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2025/02/24 12:0 a.m.4 views

Better Auth 输入验证错误漏洞

Better Auth is a TypeScript's most comprehensive authentication framework open-sourced by Better Auth. An input validation error vulnerability exists in versions of Better Auth prior to 1.1.21 that stems from improper validation of the callbackURL parameter in the email validation endpoint and an...

6.9CVSS6.6AI score0.00324EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/12/30 4:49 p.m.38 views

Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint

Summary An open redirect vulnerability has been identified in the verify email endpoint of Better Auth, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on email verification links generated by the library. Affected Versions - All versions...

7.9CVSS6.5AI score0.00388EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/30 4:48 p.m.23 views

CVE-2024-56734 Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint

Better Auth is an authentication library for TypeScript. An open redirect vulnerability has been identified in the verify email endpoint of all versions of Better Auth prior to v1.1.6, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on emai...

7.9CVSS7.1AI score0.00388EPSS
Exploits1References2
Hacker One
Hacker One
added 2024/07/18 4:22 p.m.8 views

Acronis: Potential XSS Vulnerability in Acronis Login Callback URL

The Acronis login callback URL was found to be vulnerable to cross-site scripting XSS attacks. The redirectUrl parameter in the URL was not properly sanitized, allowing an attacker to inject arbitrary JavaScript code. This could have been exploited to steal user session cookies...

6AI score
Exploits0
0day.today
0day.today
added 2023/07/11 12:0 a.m.195 views

Ateme TITAN File 3.9 - SSRF File Enumeration Vulnerability

Exploit Title: Ateme TITAN File 3.9 - SSRF File Enumeration Exploit Author: LiquidWorm Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.9.12.4 3.9.11.0 3.9.9.2 3.9.8.0 Summary: TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD,...

7.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.4 views

SUSE CVE-2010-1527

Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action...

9.3CVSS8.4AI score0.35987EPSS
Exploits18References5
Positive Technologies
Positive Technologies
added 2022/12/06 12:0 a.m.7 views

PT-2022-27768 · Querybook · Querybook

Name of the Vulnerable Software and Affected Versions: Querybook versions prior to 3.14.2 Description: The issue concerns Querybook, an open source data querying UI. In affected versions, user-provided data is not escaped in the error field of the auth callback URL in...

6.3CVSS5.9AI score0.00415EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
added 2022/11/01 12:0 a.m.42 views

phpCAS vulnerable to Service Hostname Discovery Exploitation

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...

8CVSS1.1AI score0.01064EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder