Total: 1484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32129 | | | 2026-06-17 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Freshworks Freshdesk (official). This issue affects Freshdesk (official): from n/a through 2.3.6. | |||||
| CVE-2024-32078 | | | 2026-06-17 | N/A | 4.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player. This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212. | |||||
| CVE-2024-31282 | 1 Appcheap | 1 App Builder | 2026-06-17 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder. This issue affects App Builder: from n/a through 3.8.7. | |||||
| CVE-2024-31253 | 1 Wp-oauth | 1 Wp Oauth Server | 2026-06-17 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server. This issue affects OAuth Server: from n/a through 4.3.3. | |||||
| CVE-2024-31135 | 1 Jetbrains | 1 Teamcity | 2026-06-17 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2024.03 open redirect was possible on the login page | |||||
| CVE-2024-30140 | 1 Hcltech | 1 Bigfix Compliance | 2026-06-17 | N/A | 5.4 MEDIUM |
| HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page. | |||||
| CVE-2024-2419 | | | 2026-06-17 | N/A | 7.1 HIGH |
| A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291. | |||||
| CVE-2024-28344 | 1 Sipwise | 1 Next Generation Communication Platform | 2026-06-17 | N/A | 3.1 LOW |
| An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL. | |||||
| CVE-2024-28287 | | | 2026-06-17 | N/A | 7.3 HIGH |
| A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL. | |||||
| CVE-2024-28076 | 1 Solarwinds | 1 Solarwinds Platform | 2026-06-17 | N/A | 7.0 HIGH |
| The SolarWinds Platform was susceptible to an Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to a different domain when using a URL parameter with a relative entry in the correct format. | |||||
| CVE-2024-27592 | 1 Corezoid | 1 Corezoid | 2026-06-17 | N/A | 4.3 MEDIUM |
| Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL. | |||||
| CVE-2024-27184 | 1 Joomla | 1 Joomla! | 2026-06-17 | N/A | 6.1 MEDIUM |
| Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not. | |||||
| CVE-2024-26504 | | | 2026-06-17 | N/A | 8.8 HIGH |
| An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. | |||||
| CVE-2024-25715 | 1 Glewlwyd Sso Server Project | 1 Glewlwyd Sso Server | 2026-06-17 | N/A | 6.1 MEDIUM |
| Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. | |||||
| CVE-2024-25676 | | | 2026-06-17 | N/A | 4.7 MEDIUM |
| An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading. | |||||
| CVE-2024-25657 | | | 2026-06-17 | N/A | 5.4 MEDIUM |
| An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites. | |||||
| CVE-2024-25566 | 1 Forgerock | 1 Access Management | 2026-06-17 | N/A | 6.1 MEDIUM |
| An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks | |||||
| CVE-2024-25559 | 1 Appleple | 1 A-blog Cms | 2026-06-17 | N/A | 4.7 MEDIUM |
| URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log. | |||||
| CVE-2024-24818 | 1 Espocrm | 1 Espocrm | 2026-06-17 | N/A | 5.9 MEDIUM |
| EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2. | |||||
| CVE-2024-24808 | 1 Pyload | 1 Pyload | 2026-06-17 | N/A | 4.7 MEDIUM |
| pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451. | |||||
