Total: 1377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31282 | 1 Appcheap | 1 App Builder | 2025-04-08 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder. This issue affects App Builder: from n/a through 3.8.7.
|
|||||
| CVE-2023-0042 | 1 Gitlab | 1 Gitlab | 2025-04-08 | N/A | 6.1 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.
|
|||||
| CVE-2022-3145 | 1 Okta | 1 Oidc Middleware | 2025-04-08 | N/A | 4.7 MEDIUM |
|
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.
|
|||||
| CVE-2023-22958 | 1 Syracom | 1 Secure Login | 2025-04-07 | N/A | 6.1 MEDIUM |
|
The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter.
|
|||||
| CVE-2022-43721 | 1 Apache | 1 Superset | 2025-04-07 | N/A | 5.4 MEDIUM |
|
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site; users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
|
|||||
| CVE-2024-4773 | 1 Mozilla | 1 Firefox | 2025-04-04 | N/A | 7.5 HIGH |
|
When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.
|
|||||
| CVE-2025-0244 | 1 Mozilla | 1 Firefox | 2025-04-03 | N/A | 5.3 MEDIUM |
|
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar.
*Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134.
|
|||||
| CVE-2023-22298 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin 4 | 2025-04-03 | N/A | 6.1 MEDIUM |
|
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.
|
|||||
| CVE-2025-27426 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-03 | N/A | 5.4 MEDIUM |
|
Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability affects Firefox for iOS < 136.
|
|||||
| CVE-2004-2260 | 1 Opera | 1 Opera Browser | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute.
|
|||||
| CVE-2005-1475 | 1 Opera | 1 Opera Browser | 2025-04-03 | 7.5 HIGH | N/A |
|
The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect.
|
|||||
| CVE-2005-4206 | 1 Blackboard | 1 Academic Suite | 2025-04-03 | 4.0 MEDIUM | 6.1 MEDIUM |
|
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page.
|
|||||
| CVE-2005-0420 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.
|
|||||
| CVE-2023-24044 | 1 Plesk | 1 Obsidian | 2025-04-02 | N/A | 6.1 MEDIUM |
|
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."
|
|||||
| CVE-2023-24445 | 1 Jenkins | 1 Openid | 2025-04-02 | N/A | 6.1 MEDIUM |
|
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
|
|||||
| CVE-2025-2980 | | | 2025-04-01 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in Legrand SMS PowerView 1.x. This vulnerability affects unknown code. The manipulation of the argument redirect leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-31821 | | | 2025-04-01 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in formsintegrations Integration of Zoho CRM and Contact Form 7 allows Phishing. This issue affects Integration of Zoho CRM and Contact Form 7: from n/a through 1.0.6.
|
|||||
| CVE-2025-31871 | | | 2025-04-01 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Galaxy Weblinks WP Clone any post type allows Phishing. This issue affects WP Clone any post type: from n/a through 3.4.
|
|||||
| CVE-2024-57241 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.5 MEDIUM |
|
Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection.
|
|||||
| CVE-2024-49682 | 1 Simple-membership-plugin | 1 Simple Membership | 2025-03-31 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership allows Phishing. This issue affects Simple Membership: from n/a through 4.5.3.
|
|||||
| CVE-2025-27424 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-03-28 | N/A | 4.3 MEDIUM |
|
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability affects Firefox for iOS < 136.
|
|||||
| CVE-2022-44718 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 3.5 LOW |
|
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to suc ...
|
|||||
| CVE-2022-44717 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 3.1 LOW |
|
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to suc ...
|
|||||
| CVE-2025-30795 | | | 2025-03-27 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.5.1.
|
|||||
| CVE-2025-30781 | | | 2025-03-27 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce allows Phishing. This issue affects Scheduled & Automatic Order Status Controller for WooCommerce: from n/a through 3.7.1.
|
|||||
| CVE-2025-30885 | | | 2025-03-27 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Form – Contact Form Plugin allows Phishing. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.18.0.
|
|||||
| CVE-2025-30884 | | | 2025-03-27 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Integrations allows Phishing. This issue affects Bit Integrations: from n/a through 2.4.10.
|
|||||
| CVE-2025-30859 | | | 2025-03-27 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ali2woo AliNext allows Phishing. This issue affects AliNext: from n/a through 3.5.1.
|
|||||
| CVE-2025-1488 | 1 Wpo365 | 1 Microsoft 365 Graph Mailer | 2025-03-27 | N/A | 4.7 MEDIUM |
|
The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect url supplied via the 'redirect_to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if 1. they can successfully trick them into performing an action and 2. the plugin is activated but not configured.
|
|||||
| CVE-2024-0250 | 1 Deconf | 1 Analytics Insights | 2025-03-26 | N/A | 6.1 MEDIUM |
|
The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
|
|||||
| CVE-2022-28923 | 1 Caddyserver | 1 Caddy | 2025-03-26 | N/A | 6.1 MEDIUM |
|
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.
|
|||||
| CVE-2024-8021 | 1 Gradio Project | 1 Gradio | 2025-03-26 | N/A | 6.1 MEDIUM |
|
An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an attacker-controlled site.
|
|||||
| CVE-2022-38657 | 1 Hcltech | 1 Hcl Leap | 2025-03-26 | N/A | 8.2 HIGH |
|
An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page.
|
|||||
| CVE-2024-20369 | 1 Cisco | 1 Network Services Orchestrator | 2025-03-25 | N/A | 4.7 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.
|
|||||
| CVE-2024-44776 | 1 Vtiger | 1 Vtiger Crm | 2025-03-25 | N/A | 6.1 MEDIUM |
|
An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL.
|
|||||
| CVE-2023-22798 | 1 Brave | 1 Adblock-lists | 2025-03-25 | N/A | 6.1 MEDIUM |
|
Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect interceptor removal feature is known as "debouncing" and is intended to remove unnecessary redirects that track users across the web.
|
|||||
| CVE-2023-22797 | 2 Actionpack Project, Rubyonrails | 2 Actionpack, Rails | 2025-03-24 | N/A | 6.1 MEDIUM |
|
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.
|
|||||
| CVE-2025-23086 | | | 2025-03-22 | N/A | 6.1 MEDIUM |
|
On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect.
|
|||||
| CVE-2023-27292 | 1 Opencats | 1 Opencats | 2025-03-21 | N/A | 5.4 MEDIUM |
|
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.
|
|||||
| CVE-2023-3922 | 1 Gitlab | 1 Gitlab | 2025-03-20 | N/A | 3.0 LOW |
|
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page.
|
|||||