VYPR

Doorman

by Doorman

Source repositories

CVEs (2)

  • CVE-2026-30269CriApr 20, 2026
    risk 0.57cvss 9.9epss 0.00

    Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_users permission check for…

  • CVE-2026-2153MedFeb 8, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been…