CNNVD-202510-2356 Information

CNNVD ID

CNNVD-202510-2356

CVE-2025-61536

  • CNNVD Published: 2025-10-16

Description

Dev Jobs Handlebars is a job search application by the individual developer Felix. Dev Jobs Handlebars version 1.0 contains a security vulnerability that stems from using the untrusted req.headers.host header to generate absolute password reset links and forcing the http scheme, which may lead to token theft, phishing attacks and account takeover.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-10-16

Last Modified

2026-02-24

References

  • https://github.com/FelixRiddle/dev-jobs-handlebars/
  • https://github.com/bugdotexe/Vulnerability-Research/tree/main/CVE-2025-61536
