Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    Related vulnerabilities

    GHSA-HMJ5-JM8H-H9FH

    Vulnerability from github – Published: 2026-07-06 21:27 – Updated: 2026-07-06 21:49
    VLAI
    Summary
    Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint
    Details

    Summary

    An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns targeting Kiwi TCMS users, as the malicious link originates from a trusted organizational hostname.

    Impact

    This is an open redirect vulnerability (CWE-601). Any unauthenticated attacker can exploit it against any user of a Kiwi TCMS deployment.

    The primary risk is phishing. Because Kiwi TCMS is typically deployed as an internal tool for engineering and QA teams, a redirect from the organization's own hostname carries high implicit trust. An attacker can use this endpoint to: - Redirect victims to a credential-harvesting page styled to match the Kiwi TCMS or corporate SSO login. - Bypass email security filters and link-reputation checks that allowlist the organization's domain. - Distribute malware via a convincing "confirm your account" lure.

    Show details on source website

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "kiwitcms"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "last_affected": "12.4"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ]
        }
      ],
      "aliases": [
        "CVE-2026-54724"
      ],
      "database_specific": {
        "cwe_ids": [
          "CWE-601"
        ],
        "github_reviewed": true,
        "github_reviewed_at": "2026-07-06T21:27:27Z",
        "nvd_published_at": null,
        "severity": "MODERATE"
      },
      "details": "### Summary\n\nAn open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns targeting Kiwi TCMS users, as the malicious link originates from a trusted organizational hostname.\n\n### Impact\n\nThis is an open redirect vulnerability (CWE-601). Any unauthenticated attacker can exploit it against any user of a Kiwi TCMS deployment.\n\nThe primary risk is phishing. Because Kiwi TCMS is typically deployed as an internal tool for engineering and QA teams, a redirect from the organization\u0027s own hostname carries high implicit trust. An attacker can use this endpoint to:\n- Redirect victims to a credential-harvesting page styled to match the Kiwi TCMS or corporate SSO login.\n- Bypass email security filters and link-reputation checks that allowlist the organization\u0027s domain.\n- Distribute malware via a convincing \"confirm your account\" lure.",
      "id": "GHSA-hmj5-jm8h-h9fh",
      "modified": "2026-07-06T21:49:19Z",
      "published": "2026-07-06T21:27:27Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-hmj5-jm8h-h9fh"
        },
        {
          "type": "PACKAGE",
          "url": "https://github.com/kiwitcms/Kiwi"
        },
        {
          "type": "WEB",
          "url": "https://github.com/kiwitcms/Kiwi/releases/tag/v16.1"
        },
        {
          "type": "WEB",
          "url": "https://kiwitcms.org/blog/kiwi-tcms-team/2026/06/24/kiwi-tcms-161"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "type": "CVSS_V3"
        }
      ],
      "summary": "Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint"
    }

    PYSEC-2026-2552

    Vulnerability from pysec - Published: 2026-07-13 15:46 - Updated: 2026-07-13 16:04
    VLAI
    Details

    Summary

    An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns targeting Kiwi TCMS users, as the malicious link originates from a trusted organizational hostname.

    Impact

    This is an open redirect vulnerability (CWE-601). Any unauthenticated attacker can exploit it against any user of a Kiwi TCMS deployment.

    The primary risk is phishing. Because Kiwi TCMS is typically deployed as an internal tool for engineering and QA teams, a redirect from the organization's own hostname carries high implicit trust. An attacker can use this endpoint to: - Redirect victims to a credential-harvesting page styled to match the Kiwi TCMS or corporate SSO login. - Bypass email security filters and link-reputation checks that allowlist the organization's domain. - Distribute malware via a convincing "confirm your account" lure.

    Impacted products
    Name purl
    kiwitcms pkg:pypi/kiwitcms

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "kiwitcms",
            "purl": "pkg:pypi/kiwitcms"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "last_affected": "12.4"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ],
          "versions": [
            "10.0",
            "10.1",
            "10.2",
            "10.3",
            "10.3.999",
            "10.4",
            "10.5",
            "11.0",
            "11.1",
            "11.3",
            "11.4",
            "11.5",
            "11.6",
            "11.7",
            "12.0",
            "12.1",
            "12.2",
            "12.3",
            "12.4",
            "6.10",
            "6.11",
            "6.2.1",
            "6.3",
            "6.4",
            "6.5",
            "6.5.3",
            "6.6",
            "6.7",
            "6.8",
            "6.9",
            "7.0",
            "7.1",
            "7.2",
            "7.2.1",
            "7.3",
            "8.0",
            "8.1",
            "8.1.99",
            "8.2",
            "8.3",
            "8.4",
            "8.5",
            "8.6",
            "8.6.1",
            "8.7",
            "8.8",
            "8.9",
            "9.0",
            "9.999"
          ]
        }
      ],
      "aliases": [
        "CVE-2026-54724",
        "GHSA-hmj5-jm8h-h9fh"
      ],
      "details": "### Summary\n\nAn open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns targeting Kiwi TCMS users, as the malicious link originates from a trusted organizational hostname.\n\n### Impact\n\nThis is an open redirect vulnerability (CWE-601). Any unauthenticated attacker can exploit it against any user of a Kiwi TCMS deployment.\n\nThe primary risk is phishing. Because Kiwi TCMS is typically deployed as an internal tool for engineering and QA teams, a redirect from the organization\u0027s own hostname carries high implicit trust. An attacker can use this endpoint to:\n- Redirect victims to a credential-harvesting page styled to match the Kiwi TCMS or corporate SSO login.\n- Bypass email security filters and link-reputation checks that allowlist the organization\u0027s domain.\n- Distribute malware via a convincing \"confirm your account\" lure.",
      "id": "PYSEC-2026-2552",
      "modified": "2026-07-13T16:04:27.774507Z",
      "published": "2026-07-13T15:46:28.941600Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-hmj5-jm8h-h9fh"
        },
        {
          "type": "PACKAGE",
          "url": "https://github.com/kiwitcms/Kiwi"
        },
        {
          "type": "WEB",
          "url": "https://github.com/kiwitcms/Kiwi/releases/tag/v16.1"
        },
        {
          "type": "WEB",
          "url": "https://kiwitcms.org/blog/kiwi-tcms-team/2026/06/24/kiwi-tcms-161"
        },
        {
          "type": "PACKAGE",
          "url": "https://pypi.org/project/kiwitcms"
        },
        {
          "type": "ADVISORY",
          "url": "https://github.com/advisories/GHSA-hmj5-jm8h-h9fh"
        },
        {
          "type": "ADVISORY",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54724"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "type": "CVSS_V3"
        }
      ],
      "summary": "Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint"
    }