Total
1418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-68470 | 1 Shopify | 1 React-router | 2026-01-30 | N/A | 6.5 MEDIUM |
| React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6. | |||||
| CVE-2024-39097 | 1 Sir | 1 Gnuboard | 2026-01-26 | N/A | 6.1 MEDIUM |
| There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path. | |||||
| CVE-2026-22912 | 1 Sick | 2 Tdc-x401gl, Tdc-x401gl Firmware | 2026-01-23 | N/A | 4.3 MEDIUM |
| Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users. | |||||
| CVE-2026-0513 | 1 Sap | 1 Supplier Relationship Management | 2026-01-22 | N/A | 4.7 MEDIUM |
| Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application. Confidentiality and availability are not impacted. | |||||
| CVE-2025-61782 | 1 Citeum | 1 Opencti | 2026-01-20 | N/A | 5.4 MEDIUM |
| OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML authentication endpoint (/auth/saml/callback). By manipulating the RelayState parameter, an attacker can force the server to issue a 302 redirect to any external URL, enabling phishing, credential theft, and arbitrary site redirection. This issue has been patched in version 6.8.3. | |||||
| CVE-2026-22032 | 1 Monospace | 1 Directus | 2026-01-20 | N/A | 4.3 MEDIUM |
| Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the `RelayState` parameter is intended to preserve the user's original destination. However, while the login initiation flow validates redirect targets against allowed domains, this validation is not applied to the callback endpoint. This allows an attacker to craft a malicious authentication request that redirects users to an arbitrary external URL upon completion. The vulnerability is present in both the success and error handling paths of the callback. This vulnerability can be exploited without authentication. Version 11.14.0 contains a patch. | |||||
| CVE-2026-21879 | 1 Kanboard | 1 Kanboard | 2026-01-20 | N/A | 4.7 MEDIUM |
| Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the filter_var($url, FILTER_VALIDATE_URL) validation check. This vulnerability could be exploited to conduct phishing attacks, steal user credentials, or distribute malware. The issue is fixed in version 1.2.49. | |||||
| CVE-2025-14524 | 1 Haxx | 1 Curl | 2026-01-20 | N/A | 5.3 MEDIUM |
| When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. | |||||
| CVE-2025-62595 | 1 Koajs | 1 Koa | 2026-01-20 | N/A | 4.3 MEDIUM |
| Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129 was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation incorrectly treats some specially crafted URLs as safe relative paths. Exploiting this vulnerability could allow attackers to perform phishing, social engineering, or other redirect-based attacks on users of affected applications. This issue has been patched in version 3.0.3. | |||||
| CVE-2025-42893 | 1 Sap | 1 Business Connector | 2026-01-16 | N/A | 6.1 MEDIUM |
| Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal sensitive information and perform unauthorized actions, impacting the confidentiality and integrity of web client data. There is no impact to system availability resulting from this vulnerability. | |||||
| CVE-2025-60935 | 1 Returnfi | 1 Blitz | 2026-01-15 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the next_url parameter in the login endpoint and could lead to phishing or token theft after successful authentication. | |||||
| CVE-2025-47890 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortisase | 2026-01-14 | N/A | 2.6 LOW |
| An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests. | |||||
| CVE-2025-65581 | 1 Volosoft | 1 Abp | 2026-01-07 | N/A | 5.3 MEDIUM |
| An open redirect vulnerability exists in the Account module in Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains. | |||||
| CVE-2025-55254 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2026-01-06 | N/A | 3.7 LOW |
| Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages. | |||||
| CVE-2023-53901 | 1 Wbce | 1 Wbce Cms | 2025-12-30 | N/A | 5.4 MEDIUM |
| WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests. | |||||
| CVE-2025-52552 | 1 Fastgpt | 1 Fastgpt | 2025-12-29 | N/A | 6.1 MEDIUM |
| FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12. | |||||
| CVE-2025-62690 | 1 Mattermost | 1 Mattermost Server | 2025-12-29 | N/A | 3.1 LOW |
| Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab. | |||||
| CVE-2025-50182 | 1 Python | 1 Urllib3 | 2025-12-22 | N/A | 5.3 MEDIUM |
| urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0. | |||||
| CVE-2025-50181 | 1 Python | 1 Urllib3 | 2025-12-22 | N/A | 5.3 MEDIUM |
| urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. | |||||
| CVE-2025-34440 | 1 Wwbn | 1 Avideo | 2025-12-19 | N/A | 6.1 MEDIUM |
| AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks. | |||||