12 matches found

Vulnrichment
added 2026/06/10 1:5 p.m. | 8 views

CVE-2026-53436

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments ./ or ../, allowing attackers to perform phishing attacks...

AI score: 5.5 | EPSS: 0.00282
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/29 1:31 p.m. | 4 views

CVE-2026-42525

Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

AI score: 5.2 | EPSS: 0.00212
Exploits: 0 | References: 1

EUVD
added 2026/01/28 8:32 p.m. | 6 views

EUVD-2026-4870

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of the continueAfterSignIn parameter. During authentication, NocoDB processes a user-controlled redirect...

CVSS: 7.1 | AI score: 6.3 | EPSS: 0.00269
Exploits: 1 | References: 1

OSV
added 2025/12/11 1:16 a.m. | 4 views

UBUNTU-CVE-2025-67713

Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00183
Exploits: 1 | References: 4

Cvelist
added 2025/12/11 12:17 a.m. | 26 views

CVE-2025-67713 Miniflux 2 has an Open Redirect via protocol-relative `redirect_url`

Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to...

CVSS: 5.3 | EPSS: 0.00183
Exploits: 1 | References: 2

Vulnrichment
added 2025/12/11 12:17 a.m. | 1 views

CVE-2025-67713 Miniflux 2 has an Open Redirect via protocol-relative `redirect_url`

Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to...

CVSS: 5.3 | AI score: 6.1 | EPSS: 0.00183
Exploits: 1 | References: 2

CVE
added 2025/12/11 12:17 a.m. | 25 views

CVE-2025-67713

Miniflux 2 has an Open Redirect due to protocol-relative redirect_url handling. Versions 2.2.14 and earlier treat redirect_url as safe if url.Parse(...).IsAbs() is false, allowing post-login redirects to attacker-controlled sites (e.g., protocol-relative URLs like //ikotaslabs.com). This is fixed...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00183
Exploits: 1 | References: 2 | Affected Software: 1

Debian CVE
added 2025/12/11 12:17 a.m. | 4 views

CVE-2025-67713

Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to...

CVSS: 6.1 | AI score: 7.8 | EPSS: 0.00183
Exploits: 1

Malwarebytes
added 2025/08/11 7:2 a.m. | 4 views

A week in security (August 4 – August 10)

Last week on Malwarebytes Labs: Adult sites trick users into Liking Facebook posts using a clickjack Trojan; Facebook users targeted in ‘login’ phish; TeaOnHer, the male version of Tea, is leaking personal information on its users too; How Google, Adidas, and more were breached in a Salesforce scam...

AI score: 7.2
Exploits: 0

CNNVD
added 2025/06/26 12:0 a.m. | 2 views

n8n Input Validation Error Vulnerability

n8n is a scalable workflow automation tool from n8n open source. An input validation error vulnerability exists in n8n versions prior to 1.98.0, which stems from an open redirection vulnerability in the login process that could lead to a phishing attack...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.00193
Exploits: 0 | References: 5

OSV
added 2023/09/27 3:19 p.m. | 1 views

UBUNTU-CVE-2023-41888

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of login page...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00417
Exploits: 0 | References: 3

OSV
added 2019/05/17 4:29 p.m. | 3 views

CVE-2019-5946

Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen...

CVSS: 6.1 | AI score: 6.7 | EPSS: 0.01133
Exploits: 0 | References: 2