32 matches found

Vulnrichment
added 2026/05/28 5:47 p.m., 5 views

CVE-2026-45307 Speakr: Open redirect in is_safe_url via parser mismatch on next parameter

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the is_safe_url helper used to validate post-login redirect targets applied urljoin(request.host_url, target) before parsing, while the controller passed the raw target to redirect. A...

CVSS 6.1, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 1
EUVD
added 2026/05/28 5:47 p.m., 10 views

EUVD-2026-32967

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the is_safe_url helper used to validate post-login redirect targets applied urljoin(request.host_url, target) before parsing, while the controller passed the raw target to redirect. A...

CVSS 6.1, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 1
Positive Technologies
added 2026/05/28 12:00 a.m., 7 views

PT-2026-44459

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the is_safe_url helper used to validate post-login redirect targets applied urljoin(request.host_url, target) before parsing, while the controller passed the raw target to redirect. ...

CVSS 6.1, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 2
NVD
added 2026/05/06 9:16 p.m., 3 views

CVE-2026-40332

Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...

CVSS 5.3, EPSS 0.00086
Exploits: 0, References: 1
EUVD
added 2026/05/06 8:13 p.m., 4 views

EUVD-2026-28216

Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...

CVSS 5.3, AI score 5.7, EPSS 0.00086
Exploits: 0, References: 1
Cvelist
added 2026/05/06 8:13 p.m., 22 views

CVE-2026-40332 Masa CMS open redirect via improper handling of scheme-relative URLs

Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...

CVSS 5.3, EPSS 0.00086
Exploits: 0, References: 1
Vulnrichment
added 2026/05/06 8:13 p.m., 6 views

CVE-2026-40332 Masa CMS open redirect via improper handling of scheme-relative URLs

Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...

CVSS 5.3, AI score 5.7, EPSS 0.00086
Exploits: 0, References: 1
CVE
added 2026/05/06 8:13 p.m., 6 views

CVE-2026-40332

Masa CMS is affected by an Open Redirect vulnerability caused by improper handling of scheme-relative URLs. The system misinterprets paths beginning with // as internal and processes them without validating that the redirect target stays on the local site. An attacker can craft a link on the trus...

CVSS 5.3, AI score 5.7, EPSS 0.00086
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/06 8:13 p.m., 2 views

CVE-2026-40332

Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...

CVSS 5.3, AI score 5.7, EPSS 0.00086
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/05/06 12:00 a.m., 7 views

PT-2026-38254

Name of the Vulnerable Software and Affected Versions: Masa CMS versions prior to 7.2.10; Masa CMS versions prior to 7.3.15; Masa CMS versions prior to 7.4.10; Masa CMS versions prior to 7.5.3. Description: Improper handling of scheme-relative URLs allows for an open redirect. The application incorrect...

CVSS 5.3, AI score 5.8, EPSS 0.00086
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-0012

Malware in sbrugna...

CVSS 5.8, AI score 6, EPSS 0.00556
Exploits: 0, References: 18
OSV
added 2025/03/07 8:55 p.m., 10 views

BIT-JENKINS-2025-27625

In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash \ characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as...

CVSS 4.3, AI score 6.6, EPSS 0.00369
Exploits: 0, References: 2
AlpineLinux
added 2025/03/05 11:15 p.m., 1 views

CVE-2025-27625

In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash \ characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as...

CVSS 4.3, AI score 7.1, EPSS 0.00369
Exploits: 0, References: 1
CVE
added 2025/03/05 10:33 p.m., 90 views

CVE-2025-27625

CVE-2025-27625 affects Jenkins core up to version 2.499 and LTS up to 2.492.1. The issue: redirects that start with a backslash (\) are treated as safe, enabling phishing because browsers interpret them as scheme-relative redirects. This open-redirect condition can mislead users to a different sit...

CVSS 4.3, AI score 7, EPSS 0.00369
Exploits: 0, References: 1, Affected Software: 1
SUSE CVE
added 2023/02/15 5:32 a.m., 2 views

SUSE CVE-2014-0480

The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL...

CVSS 5.8, AI score 7, EPSS 0.00556
Exploits: 0, References: 5
SUSE CVE
added 2023/02/15 5:04 a.m., 4 views

SUSE CVE-2016-3726

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs...

CVSS 7.4, AI score 9.6, EPSS 0.00081
Exploits: 1, References: 3
OSV
added 2022/12/23 12:00 p.m., 10 views

RUSTSEC-2022-0072 Location header incorporates user input, allowing open redirect

When hyper-staticfile performs a redirect for a directory request (e.g. a request for /dir that redirects to /dir/), the Location header value was derived from user input (the request path), simply appending a slash. The intent was to perform an origin-relative redirect, but specific inputs allowed...

AI score 7
Exploits: 0, References: 3
OSV
added 2022/05/14 3:57 a.m., 0 views

GHSA-RX4R-GXPC-H85X Jenkins affected by Open Redirect Vulnerability

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs...

CVSS 7.4, AI score 6.9, EPSS 0.00081
Exploits: 1, References: 7
Github Security Blog
added 2022/05/14 3:57 a.m., 4 views

Jenkins affected by Open Redirect Vulnerability

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs...

CVSS 7.4, AI score 6.9, EPSS 0.00081
Exploits: 1, References: 7, Affected Software: 1
OSV
added 2022/05/14 2:09 a.m., 17 views

GHSA-F7CM-CCFP-3Q4R Django Incorrectly Validates URLs

The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL...

CVSS 8.7, AI score 6, EPSS 0.00556
Exploits: 0, References: 10