Total
1108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22141 | 1 Elastic | 1 Kibana | 2025-04-29 | N/A | 6.1 MEDIUM |
| An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website. | |||||
| CVE-2025-39404 | 2025-04-29 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Heateor Support Sassy Social Share allows Phishing. This issue affects Sassy Social Share: from n/a through 3.3.73. | |||||
| CVE-2025-2068 | 2025-04-29 | N/A | 5.0 MEDIUM | ||
| An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted url is visited by a local user. | |||||
| CVE-2024-46331 | 1 Modstart | 1 Mostartcms | 2025-04-28 | N/A | 7.2 HIGH |
| ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website via a crafted URL. | |||||
| CVE-2024-24291 | 1 Yzmcms | 1 Yzmcms | 2025-04-24 | N/A | 6.1 MEDIUM |
| An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. | |||||
| CVE-2024-55452 | 1 Ujcms | 1 Ujcms | 2025-04-24 | N/A | 5.4 MEDIUM |
| A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated user clicks on the malicious block item, they are redirected to the arbitrary untrusted domains, where sensitive tokens, such as JSON Web Tokens, can be stolen via a crafted webpage. | |||||
| CVE-2022-43479 | 1 Ss-proj | 1 Shirasagi | 2025-04-24 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. | |||||
| CVE-2022-36029 | 1 Bigbluebutton | 1 Greenlight | 2025-04-24 | N/A | 9.1 CRITICAL |
| Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue. | |||||
| CVE-2022-36028 | 1 Bigbluebutton | 1 Greenlight | 2025-04-24 | N/A | 9.1 CRITICAL |
| Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue. | |||||
| CVE-2023-25829 | 1 Esri | 1 Portal For Arcgis | 2025-04-23 | N/A | 6.1 MEDIUM |
| There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | |||||
| CVE-2022-45917 | 1 Ilias | 1 Ilias | 2025-04-23 | N/A | 6.1 MEDIUM |
| ILIAS before 7.16 has an Open Redirect. | |||||
| CVE-2022-46683 | 1 Jenkins | 1 Google Login | 2025-04-23 | N/A | 6.1 MEDIUM |
| Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. | |||||
| CVE-2022-41559 | 1 Tibco | 1 Nimbus | 2025-04-22 | N/A | 9.3 CRITICAL |
| The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0. | |||||
| CVE-2024-0545 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-04-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-36845 | 2025-04-21 | N/A | 5.3 MEDIUM | ||
| The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL. | |||||
| CVE-2017-11586 | 1 Finecms | 1 Finecms | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php. | |||||
| CVE-2017-8451 | 1 Elastic | 1 Kibana | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | |||||
| CVE-2017-11725 | 1 Thycotic | 1 Secret Server | 2025-04-20 | 5.8 MEDIUM | 5.4 MEDIUM |
| The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | |||||
| CVE-2016-10368 | 1 Opsview | 1 Opsview | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the /login URI. | |||||
| CVE-2017-8047 | 2 Cloudfoundry, Pivotal | 2 Cf-release, Routing-release | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain access to user credentials or other sensitive data. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275. | |||||