Total
1377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6781 | 1 Gitlab | 1 Gitlab | 2025-03-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.
|
|||||
| CVE-2024-8897 | 2 Google, Mozilla | 2 Android, Firefox | 2025-03-19 | N/A | 6.1 MEDIUM |
|
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1.
|
|||||
| CVE-2022-0637 | 1 Mozilla | 1 Pollbot | 2025-03-19 | N/A | 6.1 MEDIUM |
|
open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6
|
|||||
| CVE-2025-21512 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-17 | N/A | 6.1 MEDIUM |
|
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additi ...
Show More |
|||||
| CVE-2024-3032 | 1 Themify | 1 Builder | 2025-03-17 | N/A | 6.1 MEDIUM |
|
Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue
|
|||||
| CVE-2024-6289 | 1 Wpserveur | 1 Wps Hide Login | 2025-03-17 | N/A | 6.1 MEDIUM |
|
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
|
|||||
| CVE-2025-28896 | 2025-03-11 | N/A | 4.7 MEDIUM | ||
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin allows Phishing. This issue affects AS English Admin: from n/a through 1.0.0.
|
|||||
| CVE-2023-22432 | 1 Web2py | 1 Web2py | 2025-03-07 | N/A | 6.1 MEDIUM |
|
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.
|
|||||
| CVE-2022-2837 | 1 Coredns.io | 1 Coredns | 2025-03-07 | N/A | 6.1 MEDIUM |
|
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.
|
|||||
| CVE-2022-24776 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-03-07 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds.
|
|||||
| CVE-2021-32805 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-03-07 | 5.8 MEDIUM | 7.2 HIGH |
|
Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible users may filter HTTP traffic containing `?next={next-site}` where ...
Show More |
|||||
| CVE-2024-47353 | 1 Quomodosoft | 1 Elementsready | 2025-03-06 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in QuomodoSoft ElementsReady Addons for Elementor.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2.
|
|||||
| CVE-2025-21401 | 1 Microsoft | 1 Edge Chromium | 2025-03-05 | N/A | 4.5 MEDIUM |
|
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-11955 | 1 Glpi-project | 1 Glpi | 2025-03-04 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2023-24935 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 6.1 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2023-24892 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 8.2 HIGH |
|
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
|
|||||
| CVE-2025-27143 | 1 Better-auth | 1 Better Auth | 2025-02-28 | N/A | 6.1 MEDIUM |
|
Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While the server blocks fully qualified URLs, it incorrectly allows scheme-less URLs. This results in the browser interpreting the URL as a fully qualified URL, leading to unintended redirection. An attacker c ...
Show More |
|||||
| CVE-2024-22244 | 1 Linuxfoundation | 1 Harbor | 2025-02-26 | N/A | 4.3 MEDIUM |
|
Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site.
|
|||||
| CVE-2024-13888 | 1 Amauri | 1 Wpmobile.app | 2025-02-25 | N/A | 7.2 HIGH |
|
The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
|
|||||
| CVE-2022-2237 | 1 Redhat | 2 Keycloak Node.js Adapter, Single Sign-on | 2025-02-24 | N/A | 6.1 MEDIUM |
|
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.
|
|||||
| CVE-2024-28113 | 1 Peering-manager | 1 Peering Manager | 2025-02-20 | N/A | 3.5 LOW |
|
Peering Manager is a BGP session management tool. In Peering Manager <=1.8.2, it is possible to redirect users to an arbitrary page using a crafted url. As a result users can be redirected to an unexpected location. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2025-25300 | 2025-02-18 | N/A | N/A | ||
|
smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner `View` link and navigating to 3rd party page leaves `window.opener` exposed. It may allow hostile third parties to abuse `window.opener`, e.g. by redirection or injection on the original page with smartbanner. `rel="noopener"` is automatically populated to links as of `v1.14.1` which is a recommended upgrade to resolve the vulnerability. Some workarounds are available for those ...
Show More |
|||||
| CVE-2025-1269 | 2025-02-18 | N/A | 4.8 MEDIUM | ||
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing.This issue affects Liman MYS: before 2.1.1 - 1010.
|
|||||
| CVE-2025-24020 | 1 Wegia | 1 Wegia | 2025-02-13 | N/A | 6.1 MEDIUM |
|
WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be ex ...
Show More |
|||||
| CVE-2024-22262 | 2025-02-13 | N/A | 8.1 HIGH | ||
|
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different ...
Show More |
|||||
| CVE-2024-22243 | 2025-02-13 | N/A | 8.1 HIGH | ||
|
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
|
|||||
| CVE-2024-34071 | 1 Umbraco | 1 Umbraco Cms | 2025-02-12 | N/A | 6.1 MEDIUM |
|
Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in version(s) 8.18.14, 10.8.6, 12.3.10 and 13.3.1.
|
|||||
| CVE-2025-24868 | 2025-02-11 | N/A | 7.1 HIGH | ||
|
The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirect URL validation. On successful exploitation attacker can cause limited impact on confidentiality, integrity, and availability of the system.
|
|||||
| CVE-2024-28076 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | N/A | 7.0 HIGH |
|
The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format
|
|||||
| CVE-2025-24741 | 1 Logon | 1 Kb Support | 2025-02-10 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7.
|
|||||
| CVE-2022-46886 | 1 Servicenow | 1 Servicenow | 2025-02-06 | N/A | 5.5 MEDIUM |
|
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.
|
|||||
| CVE-2024-38485 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | N/A | 4.3 MEDIUM |
|
Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage.
|
|||||
| CVE-2024-54728 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
|
Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs.
|
|||||
| CVE-2020-21038 | 1 Typecho | 1 Typecho | 2025-01-29 | N/A | 6.1 MEDIUM |
|
Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.
|
|||||
| CVE-2023-44308 | 1 Liferay | 1 Digital Experience Platform | 2025-01-28 | N/A | 6.1 MEDIUM |
|
Open redirect vulnerability in adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_adaptive_media_web_portlet_AMPortlet_redirect parameter.
|
|||||
| CVE-2023-5190 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | N/A | 6.1 MEDIUM |
|
Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter.
|
|||||
| CVE-2024-56972 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56971 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56969 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56968 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload.
|
|||||