100 matches found
Jupyter Server has an open redirection vulnerability in `next` query parameter
Summary The ?next=... URL query parameter has an open redirection vulnerability. In jupyterserver=2.17.0, this URL query parameter allows redirection to arbitrary external domains, which can be exploited to facilitate phishing attacks on server users. Details The vulnerability is caused by...
GHSA-QH7Q-6QM3-653W Jupyter Server has an open redirection vulnerability in `next` query parameter
Summary The ?next=... URL query parameter has an open redirection vulnerability. In jupyterserver=2.17.0, this URL query parameter allows redirection to arbitrary external domains, which can be exploited to facilitate phishing attacks on server users. Details The vulnerability is caused by...
CVE-2025-61669 jupyter_server next parameter open redirect can redirect users to external domains
Jupyter Server is the backend for Jupyter web applications. In jupyterserver versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler.redirectsafe, which allows redirects to arbitrary external domains via values such as ///example.com. An...
CVE-2026-2153
A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...
CVE-2026-2153
A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...
CVE-2026-2153
A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...
EUVD-2026-5796
A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...
CVE-2026-2153 mwielgoszewski doorman views.py is_safe_url redirect
A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...
CVE-2026-2153
The CVE-2026-2153 entry targets the mwielgoszewski doorman project (up to version 0.6) and affects the is_safe_url function in doorman/users/views.py. The issue arises from manipulating the Next argument, allowing an open redirect. Exploitation is possible remotely, and public disclosure of the e...
doorman 输入验证错误漏洞
Doorman is a configuration manager developed by Marcin Wielgoszewski. Versions of Doorman prior to 0.6 contained a vulnerability related to input validation errors. This vulnerability stemmed from incorrect handling of the parameter “Next” in the file “doorman/users/views.py”, which could lead to...
CVE-2025-60935
An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the nexturl parameter in the login endpoint and could lead to phishing or token theft after successful authentication...
CVE-2025-67502 Taguette does not safeguard against Open Redirect
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without an...
CVE-2025-67502
CVE-2025-67502 affects Taguette, an open source qualitative research tool. Technical details across connected sources show an open redirect in versions 1.5.1 and earlier, where a user-controlled “next” parameter in login or cookies redirects is used without validation. This allows an attacker to ...
Open Redirect
Overview taguette is a Free and open source qualitative research tool Affected versions of this package are vulnerable to Open Redirect via the next parameter in the login and cookies prompt processes. An attacker can redirect users to arbitrary external websites by crafting malicious URLs...
Open Redirect Vulnerability in Taguette
Summary An Open Redirect vulnerability exists in Taguette that allows attackers to craft malicious URLs that redirect users to arbitrary external websites after authentication. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance b...
PT-2025-50295
Name of the Vulnerable Software and Affected Versions Taguette versions prior to 1.5.2 Description Taguette is a qualitative research tool susceptible to an open redirect issue. Attackers can create malicious URLs that redirect authenticated users to arbitrary external websites. The application...
CVE-2024-1240
An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...
CVE-2022-39814
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter...
Open Redirect
Overview sickchill is an Automatic Video Library Manager for TV Shows Affected versions of this package are vulnerable to Open Redirect due to improper validation of the next parameter in the login endpoint. An attacker can redirect users to arbitrary external URLs by manipulating the input to th...
SickChill 输入验证错误漏洞
SickChill is an application in the SickChill open source. SickChill suffers from an input validation error vulnerability that stems from the next parameter in a user-controlled login endpoint that can receive arbitrary content, which can be exploited by an authenticated attacker to redirect the...