Vulnerabilities (CVE)

Filtered by CWE-601
Total 1159 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3832 2 Microsoft, Opera 2 Windows, Opera Browser 2025-04-09 5.8 MEDIUM N/A
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.
CVE-2008-2052 1 Bitrix24 1 Bitrix Site Manager 2025-04-09 4.3 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.
CVE-2025-3433 2025-04-08 N/A 6.1 MEDIUM
The Advanced Advertising System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1. This is due to insufficient validation on the redirect url supplied via the 'redir' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
CVE-2024-31253 1 Wp-oauth 1 Wp Oauth Server 2025-04-08 N/A 4.7 MEDIUM
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3.
CVE-2024-31282 1 Appcheap 1 App Builder 2025-04-08 N/A 4.7 MEDIUM
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder.This issue affects App Builder: from n/a through 3.8.7.
CVE-2023-0042 1 Gitlab 1 Gitlab 2025-04-08 N/A 6.1 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.
CVE-2022-3145 1 Okta 1 Oidc Middleware 2025-04-08 N/A 4.7 MEDIUM
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.
CVE-2023-22958 1 Syracom 1 Secure Login 2025-04-07 N/A 6.1 MEDIUM
The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter.
CVE-2025-24180 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-04-07 N/A 8.1 HIGH
The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.
CVE-2022-43721 1 Apache 1 Superset 2025-04-07 N/A 5.4 MEDIUM
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
CVE-2024-4773 1 Mozilla 1 Firefox 2025-04-04 N/A 7.5 HIGH
When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.
CVE-2025-0244 1 Mozilla 1 Firefox 2025-04-03 N/A 5.3 MEDIUM
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134.
CVE-2023-22298 2 Fedoraproject, Pgadmin 2 Fedora, Pgadmin 4 2025-04-03 N/A 6.1 MEDIUM
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
CVE-2025-27426 2 Apple, Mozilla 2 Iphone Os, Firefox 2025-04-03 N/A 5.4 MEDIUM
Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136.
CVE-2004-2260 1 Opera 1 Opera Browser 2025-04-03 5.0 MEDIUM N/A
Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute.
CVE-2005-1475 1 Opera 1 Opera Browser 2025-04-03 7.5 HIGH N/A
The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect.
CVE-2005-4206 1 Blackboard 1 Academic Suite 2025-04-03 4.0 MEDIUM 6.1 MEDIUM
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page.
CVE-2005-0420 1 Microsoft 1 Exchange Server 2025-04-03 5.8 MEDIUM N/A
Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.
CVE-2023-24044 1 Plesk 1 Obsidian 2025-04-02 N/A 6.1 MEDIUM
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."
CVE-2023-24445 1 Jenkins 1 Openid 2025-04-02 N/A 6.1 MEDIUM
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.