Lucene search
K

100 matches found

Github Security Blog
Github Security Blog
added 2026/05/05 4:32 p.m.10 views

Jupyter Server has an open redirection vulnerability in `next` query parameter

Summary The ?next=... URL query parameter has an open redirection vulnerability. In jupyterserver=2.17.0, this URL query parameter allows redirection to arbitrary external domains, which can be exploited to facilitate phishing attacks on server users. Details The vulnerability is caused by...

6.3CVSS6AI score0.00265EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/05 4:32 p.m.4 views

GHSA-QH7Q-6QM3-653W Jupyter Server has an open redirection vulnerability in `next` query parameter

Summary The ?next=... URL query parameter has an open redirection vulnerability. In jupyterserver=2.17.0, this URL query parameter allows redirection to arbitrary external domains, which can be exploited to facilitate phishing attacks on server users. Details The vulnerability is caused by...

6CVSS6AI score0.00265EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/05 3:28 p.m.5 views

CVE-2025-61669 jupyter_server next parameter open redirect can redirect users to external domains

Jupyter Server is the backend for Jupyter web applications. In jupyterserver versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler.redirectsafe, which allows redirects to arbitrary external domains via values such as ///example.com. An...

6.3CVSS5.9AI score0.00265EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/09 7:23 p.m.6 views

CVE-2026-2153

A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...

6.1CVSS5.2AI score0.00283EPSS
Exploits1References1
NVD
NVD
added 2026/02/08 1:16 p.m.6 views

CVE-2026-2153

A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...

6.1CVSS0.00283EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/08 1:2 p.m.3 views

CVE-2026-2153

A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...

5.3CVSS5AI score0.00283EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/08 1:2 p.m.4 views

EUVD-2026-5796

A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...

5.3CVSS4.9AI score0.00283EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/08 1:2 p.m.33 views

CVE-2026-2153 mwielgoszewski doorman views.py is_safe_url redirect

A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...

5.3CVSS0.00283EPSS
Exploits1References4
CVE
CVE
added 2026/02/08 1:2 p.m.18 views

CVE-2026-2153

The CVE-2026-2153 entry targets the mwielgoszewski doorman project (up to version 0.6) and affects the is_safe_url function in doorman/users/views.py. The issue arises from manipulating the Next argument, allowing an open redirect. Exploitation is possible remotely, and public disclosure of the e...

6.1CVSS5AI score0.00283EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.9 views

doorman 输入验证错误漏洞

Doorman is a configuration manager developed by Marcin Wielgoszewski. Versions of Doorman prior to 0.6 contained a vulnerability related to input validation errors. This vulnerability stemmed from incorrect handling of the parameter “Next” in the file “doorman/users/views.py”, which could lead to...

6.1CVSS5.8AI score0.00283EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/24 12:0 a.m.27 views

CVE-2025-60935

An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the nexturl parameter in the login endpoint and could lead to phishing or token theft after successful authentication...

0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/09 11:53 p.m.27 views

CVE-2025-67502 Taguette does not safeguard against Open Redirect

Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without an...

5.4CVSS0.00232EPSS
Exploits1References2
CVE
CVE
added 2025/12/09 11:53 p.m.23 views

CVE-2025-67502

CVE-2025-67502 affects Taguette, an open source qualitative research tool. Technical details across connected sources show an open redirect in versions 1.5.1 and earlier, where a user-controlled “next” parameter in login or cookies redirects is used without validation. This allows an attacker to ...

6.1CVSS6.4AI score0.00232EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2025/12/09 2:26 p.m.4 views

Open Redirect

Overview taguette is a Free and open source qualitative research tool Affected versions of this package are vulnerable to Open Redirect via the next parameter in the login and cookies prompt processes. An attacker can redirect users to arbitrary external websites by crafting malicious URLs...

6.1CVSS6.9AI score0.00232EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/12/09 2:26 p.m.10 views

Open Redirect Vulnerability in Taguette

Summary An Open Redirect vulnerability exists in Taguette that allows attackers to craft malicious URLs that redirect users to arbitrary external websites after authentication. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance b...

6.1CVSS7.1AI score0.00232EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-50295

Name of the Vulnerable Software and Affected Versions Taguette versions prior to 1.5.2 Description Taguette is a qualitative research tool susceptible to an open redirect issue. Attackers can create malicious URLs that redirect authenticated users to arbitrary external websites. The application...

6.1CVSS5.9AI score0.00232EPSS
Exploits1References13
RedhatCVE
RedhatCVE
added 2025/05/23 8:24 a.m.6 views

CVE-2024-1240

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

6.1CVSS6.8AI score0.00319EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:24 p.m.4 views

CVE-2022-39814

In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter...

6.1CVSS6.4AI score0.00365EPSS
Exploits0References1
Snyk
Snyk
added 2025/01/08 10:3 p.m.3 views

Open Redirect

Overview sickchill is an Automatic Video Library Manager for TV Shows Affected versions of this package are vulnerable to Open Redirect due to improper validation of the next parameter in the login endpoint. An attacker can redirect users to arbitrary external URLs by manipulating the input to th...

6.5CVSS6.5AI score0.00951EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/08 12:0 a.m.5 views

SickChill 输入验证错误漏洞

SickChill is an application in the SickChill open source. SickChill suffers from an input validation error vulnerability that stems from the next parameter in a user-controlled login endpoint that can receive arbitrary content, which can be exploited by an authenticated attacker to redirect the...

4.8CVSS6.4AI score0.00951EPSS
Exploits0References5
Rows per page
Query Builder