Total
1202 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1488 | 1 Wpo365 | 1 Microsoft 365 Graph Mailer | 2025-03-27 | N/A | 4.7 MEDIUM |
| The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect url supplied via the 'redirect_to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if 1. they can successfully trick them into performing an action and 2. the plugin is activated but not configured. | |||||
| CVE-2024-0250 | 1 Deconf | 1 Analytics Insights | 2025-03-26 | N/A | 6.1 MEDIUM |
| The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
| CVE-2022-28923 | 1 Caddyserver | 1 Caddy | 2025-03-26 | N/A | 6.1 MEDIUM |
| Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. | |||||
| CVE-2024-8021 | 1 Gradio Project | 1 Gradio | 2025-03-26 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an attacker-controlled site. | |||||
| CVE-2022-38657 | 1 Hcltech | 1 Hcl Leap | 2025-03-26 | N/A | 8.2 HIGH |
| An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. | |||||
| CVE-2024-20369 | 1 Cisco | 1 Network Services Orchestrator | 2025-03-25 | N/A | 4.7 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. | |||||
| CVE-2024-44776 | 1 Vtiger | 1 Vtiger Crm | 2025-03-25 | N/A | 6.1 MEDIUM |
| An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL. | |||||
| CVE-2023-22798 | 1 Brave | 1 Adblock-lists | 2025-03-25 | N/A | 6.1 MEDIUM |
| Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect interceptor removal feature is known as "debouncing" and is intended to remove unnecessary redirects that track users across the web. | |||||
| CVE-2023-22797 | 2 Actionpack Project, Rubyonrails | 2 Actionpack, Rails | 2025-03-24 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability. | |||||
| CVE-2025-23086 | 2025-03-22 | N/A | 6.1 MEDIUM | ||
| On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect. | |||||
| CVE-2023-27292 | 1 Opencats | 1 Opencats | 2025-03-21 | N/A | 5.4 MEDIUM |
| An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. | |||||
| CVE-2023-3922 | 1 Gitlab | 1 Gitlab | 2025-03-20 | N/A | 3.0 LOW |
| An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page. | |||||
| CVE-2019-6781 | 1 Gitlab | 1 Gitlab | 2025-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails. | |||||
| CVE-2024-8897 | 2 Google, Mozilla | 2 Android, Firefox | 2025-03-19 | N/A | 6.1 MEDIUM |
| Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1. | |||||
| CVE-2022-0637 | 1 Mozilla | 1 Pollbot | 2025-03-19 | N/A | 6.1 MEDIUM |
| open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6 | |||||
| CVE-2025-21512 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-17 | N/A | 6.1 MEDIUM |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2024-3032 | 1 Themify | 1 Builder | 2025-03-17 | N/A | 6.1 MEDIUM |
| Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue | |||||
| CVE-2024-6289 | 1 Wpserveur | 1 Wps Hide Login | 2025-03-17 | N/A | 6.1 MEDIUM |
| The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. | |||||
| CVE-2021-38000 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2025-03-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. | |||||
| CVE-2025-28896 | 2025-03-11 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin allows Phishing. This issue affects AS English Admin: from n/a through 1.0.0. | |||||