Total
1484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1885 | 1 Restajet | 1 Online Food Delivery System | 2026-06-06 | N/A | 5.4 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Phishing, Forceful Browsing. This issue affects Online Food Delivery System: through 19122025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-1269 | 2026-06-06 | N/A | 4.8 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing. This issue affects Liman MYS: before 2.1.1 - 1010. | |||||
| CVE-2025-0608 | 2026-06-06 | N/A | 5.5 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Logo Software Inc. Logo Cloud allows Phishing, Forceful Browsing. This issue affects Logo Cloud: before 2025.R6. | |||||
| CVE-2025-4296 | 2026-06-05 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HotelRunner B2B allows Forceful Browsing. This issue affects B2B: before 04.06.2025. | |||||
| CVE-2025-7702 | 2026-06-05 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pusula Communication Information Internet Industry and Trade Ltd. Co. Manageable Email Sending System allows Exploiting Trust in Client. This issue affects Manageable Email Sending System: from <=2025.06 before 2025.08.06. | |||||
| CVE-2026-41569 | 1 Goauthentik | 1 Authentik | 2026-06-04 | N/A | 6.1 MEDIUM |
| authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin that passes the check (e.g. https://portal.example.com.evil.tld/), causing the victim's browser to POST the signed WS-Federation login response to attacker-controlled infrastructure. This issue has been patched in version 2026.2.3. | |||||
| CVE-2026-40181 | 1 Shopify | 1 React-router | 2026-06-04 | N/A | 6.1 MEDIUM |
| React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact depends on the validation done by the application prior to returning the redirect. This does not impact applications using Declarative Mode (<BrowserRouter>). This is patched in versions 7.14.1 and 6.30.4. | |||||
| CVE-2026-43924 | 2026-06-04 | N/A | N/A | ||
| FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect targets, creating an open redirect vulnerability exploitable for phishing attacks. Users following a legitimate FOSSBilling URL can be silently redirected to an attacker-controlled external site. The redirect is issued as a 301 (Moved Permanently) response, which browsers cache persistently, amplifying the impact. Exploitation requires administrator privileges to create or modify redirect entries, limiting practical attack scenarios to multi-admin environments or compromised admin accounts. Version 0.8.0 fixes the issue. Some workarounds are available. Restrict admin access to the Redirect module to trusted administrators only and/or audit existing redirect entries in the database (the `extension_meta` table with `extension = 'mod_redirect'`) for any unexpected or external target URLs. | |||||
| CVE-2026-7504 | 1 Redhat | 1 Build Of Keycloak | 2026-06-03 | N/A | 8.1 HIGH |
| A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further attacks. This vulnerability specifically affects Keycloak clients configured with a wildcard (*) in the "Valid Redirect URIs" field and requires user interaction to be successfully exploited. The issue stems from a discrepancy in how Keycloak and the underlying Java URI implementation handle the user-info component of a URL. If a malicious redirect URL is constructed using multiple @ characters in the user-info section, Java's URI parser fails to extract the user-info, leaving only the raw authority field. Consequently, Keycloak's validation check fails to detect the malformed user-info, falls back to a wildcard comparison, and incorrectly permits the malicious redirect. | |||||
| CVE-2026-34257 | 1 Sap | 1 Netweaver Application Server Abap | 2026-06-03 | N/A | 6.1 MEDIUM |
| Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability. | |||||
| CVE-2026-45278 | 1 Nextcloud | 1 User Oidc | 2026-06-03 | N/A | 3.3 LOW |
| Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2. | |||||
| CVE-2024-4604 | 2026-06-03 | N/A | 6.1 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO (Single Sign On) allows Manipulating Hidden Fields. This issue affects SSO (Single Sign On): from 1.0 before 1.1. | |||||
| CVE-2019-10955 | 1 Rockwellautomation | 11 Compactlogix 5370 L1, Compactlogix 5370 L1 Firmware, Compactlogix 5370 L2 and 8 more | 2026-06-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine. | |||||
| CVE-2026-2376 | 1 Redhat | 3 Enterprise Linux, Mirror Registry, Quay | 2026-06-02 | N/A | 4.9 MEDIUM |
| A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to. | |||||
| CVE-2026-40961 | 1 Apache | 1 Airflow | 2026-06-02 | N/A | 7.2 HIGH |
| A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deployment operators can place Airflow behind a reverse proxy that strips off-domain `next=` query parameters before they reach the login endpoint. | |||||
| CVE-2026-44681 | 1 Authlib | 1 Authlib | 2026-06-02 | N/A | 6.1 MEDIUM |
| Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the openid scope. This vulnerability is fixed in 1.6.12 and 1.7.1. | |||||
| CVE-2026-49380 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | N/A | 3.1 LOW |
| In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible | |||||
| CVE-2026-45307 | 2026-06-01 | N/A | 6.1 MEDIUM | ||
| Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the is_safe_url() helper used to validate post-login redirect targets applied urljoin(request.host_url, target) before parsing, while the controller passed the raw target to redirect(). A scheme-relative input such as ////evil.com resolved to a same-host URL during validation but was emitted verbatim in the Location header, where the browser interpreted it as a network-path-relative redirect to an attacker-controlled host. This vulnerability is fixed in 0.8.20-alpha. | |||||
| CVE-2024-12924 | 2026-06-01 | N/A | 6.3 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akınsoft QR Menü allows Forceful Browsing, Phishing. This issue affects QR Menü: from s1.05.05 before v1.05.12. | |||||
| CVE-2026-20994 | 1 Samsung | 1 Account | 2026-05-29 | N/A | 6.1 MEDIUM |
| URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token. | |||||