Total: 1377 CVEs (40 shown below, most recently updated first)
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-47644 | | | 2025-05-08 | N/A | 4.7 MEDIUM | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in formsintegrations Integrations of Zoho CRM with Elementor form allows Phishing. This issue affects Integrations of Zoho CRM with Elementor form: from n/a through 1.0.7. |
| CVE-2025-46826 | | | 2025-05-08 | N/A | N/A | insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal risk, was never exploited, and had limited impact. A fix was implemented promptly on May 3, 2025. |
| CVE-2024-21065 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-05-08 | N/A | 6.1 MEDIUM | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.59, 8.60 and 8.61. An easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact ... |
| CVE-2025-4328 | | | 2025-05-07 | 4.0 MEDIUM | 3.5 LOW | A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/web/MvcController.java of the component HTTP Header Handler. The manipulation of the argument Referer leads to open redirect. The attack can be launched remotely. The exploit has been disclo ... |
| CVE-2024-0337 | 1 Travelpayouts | 1 Travelpayouts | 2025-05-05 | N/A | 6.1 MEDIUM | The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. |
| CVE-2022-23599 | 1 Plone | 1 Plone | 2025-05-05 | 2.6 LOW | 4.3 MEDIUM | Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affect ... |
| CVE-2022-43985 | 1 Apache | 1 Airflow | 2025-05-02 | N/A | 6.1 MEDIUM | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
| CVE-2022-3486 | 1 Gitlab | 1 Gitlab | 2025-05-01 | N/A | 4.7 MEDIUM | An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. |
| CVE-2022-3280 | 1 Gitlab | 1 Gitlab | 2025-05-01 | N/A | 3.5 LOW | An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. |
| CVE-2022-37927 | 1 Hpe | 1 Oneview Global Dashboard | 2025-05-01 | N/A | 6.1 MEDIUM | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). |
| CVE-2022-44560 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 5.3 MEDIUM | The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. |
| CVE-2022-45402 | 1 Apache | 1 Airflow | 2025-04-30 | N/A | 6.1 MEDIUM | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
| CVE-2021-22141 | 1 Elastic | 1 Kibana | 2025-04-29 | N/A | 6.1 MEDIUM | An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website. |
| CVE-2025-2068 | | | 2025-04-29 | N/A | 5.0 MEDIUM | An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted URL is visited by a local user. |
| CVE-2025-39404 | | | 2025-04-29 | N/A | 4.7 MEDIUM | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Heateor Support Sassy Social Share allows Phishing. This issue affects Sassy Social Share: from n/a through 3.3.73. |
| CVE-2024-46331 | 1 Modstart | 1 Mostartcms | 2025-04-28 | N/A | 7.2 HIGH | ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website via a crafted URL. |
| CVE-2024-24291 | 1 Yzmcms | 1 Yzmcms | 2025-04-24 | N/A | 6.1 MEDIUM | An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. |
| CVE-2024-55452 | 1 Ujcms | 1 Ujcms | 2025-04-24 | N/A | 5.4 MEDIUM | A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated user clicks on the malicious block item, they are redirected to the arbitrary untrusted domains, where sensitive tokens, such as JSON Web Tokens, can be stolen via a crafted webpage. |
| CVE-2022-43479 | 1 Ss-proj | 1 Shirasagi | 2025-04-24 | N/A | 6.1 MEDIUM | Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. |
| CVE-2022-36029 | 1 Bigbluebutton | 1 Greenlight | 2025-04-24 | N/A | 9.1 CRITICAL | Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page because the value of the `return_to` cookie is not checked. Version 2.13.0 contains a patch for the issue. |
| CVE-2022-36028 | 1 Bigbluebutton | 1 Greenlight | 2025-04-24 | N/A | 9.1 CRITICAL | Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page because the value of the `return_to` cookie is not checked. Version 2.13.0 contains a patch for the issue. |
| CVE-2023-25829 | 1 Esri | 1 Portal For Arcgis | 2025-04-23 | N/A | 6.1 MEDIUM | There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. |
| CVE-2022-45917 | 1 Ilias | 1 Ilias | 2025-04-23 | N/A | 6.1 MEDIUM | ILIAS before 7.16 has an Open Redirect. |
| CVE-2022-46683 | 1 Jenkins | 1 Google Login | 2025-04-23 | N/A | 6.1 MEDIUM | Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. |
| CVE-2022-41559 | 1 Tibco | 1 Nimbus | 2025-04-22 | N/A | 9.3 CRITICAL | The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0. |
| CVE-2024-0545 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-04-21 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2016-8949 | 1 Ibm | 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2025-04-20 | 4.9 MEDIUM | 5.4 MEDIUM | IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 1 ... |
| CVE-2017-12138 | 1 Xoops | 1 Xoops | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. |
| CVE-2015-9058 | 1 Proxmox | 1 Proxmox Mail Gateway | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. |
| CVE-2016-4334 | 1 Jivesoftware | 1 Jive | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | Jive before 2016.3.1 has an open redirect from the external-link.jspa page. |
| CVE-2017-14038 | 1 Crushftp | 1 Crushftp | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. |
| CVE-2017-14524 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. |
| CVE-2017-11879 | 1 Microsoft | 1 Asp.net Core | 2025-04-20 | 4.3 MEDIUM | 8.8 HIGH | ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability". |
| CVE-2015-5608 | 1 Joomla | 1 Joomla! | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. |
| CVE-2017-6670 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1. |
| CVE-2017-5615 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location. |
| CVE-2017-1489 | 1 Ibm | 6 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web and 3 more | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. |
| CVE-2016-0228 | 1 Ibm | 1 Marketing Platform | 2025-04-20 | 4.9 MEDIUM | 5.4 MEDIUM | IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236. |
| CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows an attacker to execute unauthorized code or commands via the url parameter. |
| CVE-2015-4668 | 1 Xceedium | 1 Xsuite | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. |
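The entries above share a small set of root causes: a redirect parameter accepted verbatim (the RISE `redirect=http://evil.com` case), a `return_to` value read from a cookie without any check (Greenlight), a Referer header echoed back as the destination (spring-cloud-base `sendBack`), a validator that lets `/%09/` plus a domain through (Documentum `redirectUrl`), and a check that wrongly concludes a URL "points to Jenkins" (Google Login Plugin). The following is an added example written for this page, not code from any of the listed projects, showing the two naive checks those bugs typically reduce to beside one hardened validator, run against inputs constructed from the patterns in the table. `TRUSTED_HOST`, the `app.example.test` host, the function names and the sample paths are assumptions for the demonstration; `evil.com` is the placeholder used in the CVE-2024-0545 description.

```python
"""Redirect-target validation: naive checks beside a hardened one.

Added example for the CWE-601 listing above; not taken from any listed
project. Host names, paths and function names are assumptions.
"""
from urllib.parse import urlsplit, unquote

# Assumed for the demonstration: the single origin this application is served from.
TRUSTED_HOST = "app.example.test"
DEFAULT_TARGET = "/"


def naive_is_local(target: str) -> bool:
    """What many of the listed bugs amount to: 'it starts with a slash, so it
    stays on our site'. Browsers disagree for '//host', '///host', '/\\host'
    and '/<tab>/host' (which is what the Documentum-style '/%09/' decodes to)."""
    return target.startswith("/")


def naive_prefix_is_ours(target: str) -> bool:
    """Second recurring mistake (the 'is this URL really ours?' class of bug): a
    string-prefix match on our origin, which also matches
    'https://app.example.test.evil.com' and 'https://app.example.test@evil.com'."""
    return target.startswith("https://" + TRUSTED_HOST)


def safe_redirect_target(raw: str) -> str:
    """Return `raw` unchanged if it can be proven to stay on this application,
    otherwise DEFAULT_TARGET. Use it the same way for a query parameter, a
    `return_to` cookie or a Referer header: the source does not make the value
    trusted."""
    if not raw:
        return DEFAULT_TARGET
    # Validate the decoded form so %2F, %5C, %09 etc. cannot hide the structure,
    # but hand back the raw string so the application's own encoding survives.
    target = unquote(raw)
    # Browsers strip tabs and newlines before parsing, so '/\t/evil.com' is
    # fetched as '//evil.com'. Refuse any control or whitespace character.
    if any(ord(ch) < 0x20 or ch.isspace() for ch in target):
        return DEFAULT_TARGET
    # Browsers treat '\' as '/' in http(s) URLs: '/\evil.com' is '//evil.com'.
    if "\\" in target:
        return DEFAULT_TARGET
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash-rooted path. Any run of
        # leading slashes ('//', '///') is resolved by browsers as an authority.
        if target.startswith("/") and not target.startswith("//"):
            return raw
        return DEFAULT_TARGET
    # Absolute URL: only https to exactly our host. Comparing the whole netloc
    # (not a string prefix) also rejects userinfo ('ours@evil.com') and ports.
    if parts.scheme == "https" and parts.netloc.lower() == TRUSTED_HOST:
        return raw
    return DEFAULT_TARGET


# Constructed inputs modelled on the patterns in the table above.
SAMPLE_TARGETS = [
    "/dashboard?next=%2Fsettings",            # legitimate relative path
    "https://app.example.test/dashboard",     # legitimate absolute URL to our host
    "http://evil.com",                        # CVE-2024-0545 style absolute URL
    "//evil.com",                             # protocol-relative
    "///evil.com",                            # extra slashes, still an authority to browsers
    "/%09/evil.com",                          # CVE-2017-14524 style encoded-tab bypass
    "/\\evil.com",                            # backslash normalised to slash by browsers
    "https://app.example.test.evil.com/",     # look-alike suffix, defeats prefix checks
    "https://app.example.test@evil.com/",     # userinfo trick, defeats prefix checks
    "javascript:alert(1)",                    # non-http scheme
]


def compare_checks(targets):
    """Return {target: (naive_is_local, naive_prefix_is_ours, hardened_result)}."""
    return {
        t: (naive_is_local(t), naive_prefix_is_ours(t), safe_redirect_target(t))
        for t in targets
    }


if __name__ == "__main__":
    for t, (local, prefix, hardened) in compare_checks(SAMPLE_TARGETS).items():
        print(f"{t!r:45} naive_local={local!s:5} naive_prefix={prefix!s:5} -> {hardened!r}")
```

The hardened function is deliberately an allowlist: anything it cannot classify as a rooted relative path or an https URL to the exact trusted host falls back to the default page. Decoding once before inspection is what closes the `/%09/` class, and comparing the parsed netloc rather than a string prefix is what closes the look-alike-host and userinfo class; neither naive check survives the constructed inputs.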