10 matches found
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the logout process. An attacker can redirect users to arbitrary external websites by supplying a crafted url parameter. This is only exploitable if the configuration option enablelogout is set to true, and is most...
EUVD-2025-38190
A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirecturi parameter associated with the openid-connect logout protocol does not properly validate the provided URL...
CVE-2025-12789 Rhsso: open redirect
A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirecturi parameter associated with the openid-connect logout protocol does not properly validate the provided URL...
CVE-2025-12789
The CVE-2025-12789 issue affects Red Hat Single Sign-On and is an Open Redirect vulnerability during the logout process. The root cause is that the redirect_uri parameter used in the openid-connect logout flow is not properly validated, enabling potential redirection to a malicious URL. Documents...
CVE-2025-12789
A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirecturi parameter associated with the openid-connect logout protocol does not properly validate the provided URL. Mitigation Mitigation for this issue is either...
CVE-2025-24973
Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...
CVE-2025-24973
Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...
CVE-2025-24973 Concorde not removing authentication tokens after logging out
Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...
CVE-2025-24973 Concorde not removing authentication tokens after logging out
Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...
Apache NiFi Registry Code Issue Vulnerability
Apache NiFi is a data processing and distribution system from the Apache Software Foundation in the United States. The system is primarily used for data routing, transformation, and system intermediary logic.NiFi Registry is one of the registries used to store and manage the versioning process. A...