
4 matches found

EUVD
added 2025/10/16 3:30 p.m., 3 views

EUVD-2025-34769

FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset magic links using the untrusted req.headers.host header and forces the http:// scheme. An attacker who can control the Host header or exploit a misconfigured proxy/load-balancer that forwards the header unchanged can cause reset lin...

CVSS 8.2 | AI score 6.4 | EPSS 0.00394
Exploits: 0 | References: 4
Vulnrichment
added 2025/10/16 12:0 a.m., 2 views

CVE-2025-61536

FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset magic links using the untrusted req.headers.host header and forces the http:// scheme. An attacker who can control the Host header or exploit a misconfigured proxy/load-balancer that forwards the header unchanged can cause reset lin...

AI score 6.5 | EPSS 0.00394
Exploits: 0 | References: 2
CNNVD
added 2025/10/16 12:0 a.m., 4 views

Dev jobs handlebars security vulnerability

Dev jobs handlebars is a job search program by Felix Individual Developers. A security vulnerability exists in Dev jobs handlebars version 1.0 that stems from the use of an untrusted req.headers.host header to generate an absolute password reset link and force the use of an http scheme, which cou...

CVSS 8.2 | AI score 6.8 | EPSS 0.00394
Exploits: 0 | References: 2
CVE
added 2025/10/16 12:0 a.m., 10 views

CVE-2025-61536

FelixRiddle dev-jobs-handlebars 1.0 is affected by CVE-2025-61536. The issue arises from generating absolute password-reset (magic) links using the untrusted req.headers.host header and forcing the http:// scheme. This allows an attacker who can control the Host header (or a misconfigured proxy/l...

CVSS 8.2 | AI score 6.5 | EPSS 0.00394
Exploits: 0 | References: 2