Total
1159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3832 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2025-04-09 | 5.8 MEDIUM | N/A |
| Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. | |||||
| CVE-2008-2052 | 1 Bitrix24 | 1 Bitrix Site Manager | 2025-04-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter. | |||||
| CVE-2025-3433 | 2025-04-08 | N/A | 6.1 MEDIUM | ||
| The Advanced Advertising System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1. This is due to insufficient validation on the redirect url supplied via the 'redir' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
| CVE-2024-31253 | 1 Wp-oauth | 1 Wp Oauth Server | 2025-04-08 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3. | |||||
| CVE-2024-31282 | 1 Appcheap | 1 App Builder | 2025-04-08 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder.This issue affects App Builder: from n/a through 3.8.7. | |||||
| CVE-2023-0042 | 1 Gitlab | 1 Gitlab | 2025-04-08 | N/A | 6.1 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols. | |||||
| CVE-2022-3145 | 1 Okta | 1 Oidc Middleware | 2025-04-08 | N/A | 4.7 MEDIUM |
| An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. | |||||
| CVE-2023-22958 | 1 Syracom | 1 Secure Login | 2025-04-07 | N/A | 6.1 MEDIUM |
| The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter. | |||||
| CVE-2025-24180 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-07 | N/A | 8.1 HIGH |
| The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix. | |||||
| CVE-2022-43721 | 1 Apache | 1 Superset | 2025-04-07 | N/A | 5.4 MEDIUM |
| An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | |||||
| CVE-2024-4773 | 1 Mozilla | 1 Firefox | 2025-04-04 | N/A | 7.5 HIGH |
| When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126. | |||||
| CVE-2025-0244 | 1 Mozilla | 1 Firefox | 2025-04-03 | N/A | 5.3 MEDIUM |
| When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134. | |||||
| CVE-2023-22298 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin 4 | 2025-04-03 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | |||||
| CVE-2025-27426 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-03 | N/A | 5.4 MEDIUM |
| Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136. | |||||
| CVE-2004-2260 | 1 Opera | 1 Opera Browser | 2025-04-03 | 5.0 MEDIUM | N/A |
| Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute. | |||||
| CVE-2005-1475 | 1 Opera | 1 Opera Browser | 2025-04-03 | 7.5 HIGH | N/A |
| The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. | |||||
| CVE-2005-4206 | 1 Blackboard | 1 Academic Suite | 2025-04-03 | 4.0 MEDIUM | 6.1 MEDIUM |
| Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page. | |||||
| CVE-2005-0420 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 5.8 MEDIUM | N/A |
| Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application. | |||||
| CVE-2023-24044 | 1 Plesk | 1 Obsidian | 2025-04-02 | N/A | 6.1 MEDIUM |
| A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." | |||||
| CVE-2023-24445 | 1 Jenkins | 1 Openid | 2025-04-02 | N/A | 6.1 MEDIUM |
| Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. | |||||