Total
1159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34065 | 1 Strapi | 1 Strapi | 2024-11-21 | N/A | 7.1 HIGH |
| Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch. | |||||
| CVE-2024-33930 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ILLID Share This Image.This issue affects Share This Image: from n/a through 1.97. | |||||
| CVE-2024-33584 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Deepen Bajracharya Video Conferencing with Zoom.This issue affects Video Conferencing with Zoom: from n/a through 4.4.4. | |||||
| CVE-2024-32129 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Freshworks Freshdesk (official).This issue affects Freshdesk (official): from n/a through 2.3.6. | |||||
| CVE-2024-32078 | 2024-11-21 | N/A | 4.1 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212. | |||||
| CVE-2024-31135 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2024.03 open redirect was possible on the login page | |||||
| CVE-2024-2419 | 2024-11-21 | N/A | 7.1 HIGH | ||
| A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291. | |||||
| CVE-2024-28287 | 2024-11-21 | N/A | 7.3 HIGH | ||
| A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL. | |||||
| CVE-2024-26504 | 2024-11-21 | N/A | 8.8 HIGH | ||
| An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. | |||||
| CVE-2024-25657 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites. | |||||
| CVE-2024-24808 | 1 Pyload | 1 Pyload | 2024-11-21 | N/A | 4.7 MEDIUM |
| pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451. | |||||
| CVE-2024-24764 | 1 Octobercms | 1 October | 2024-11-21 | N/A | 3.5 LOW |
| October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15. | |||||
| CVE-2024-23442 | 1 Elastic | 1 Kibana | 2024-11-21 | N/A | 6.1 MEDIUM |
| An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | |||||
| CVE-2024-22400 | 1 Nextcloud | 1 Sso \& Saml Authentication | 2024-11-21 | N/A | 3.1 LOW |
| Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue. | |||||
| CVE-2024-22308 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-11-21 | N/A | 3.4 LOW |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1. | |||||
| CVE-2024-22248 | 2024-11-21 | N/A | 7.1 HIGH | ||
| VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | |||||
| CVE-2024-21794 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | N/A | 5.4 MEDIUM |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. | |||||
| CVE-2024-21734 | 1 Sap | 1 Marketing | 2024-11-21 | N/A | 3.7 LOW |
| SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application. | |||||
| CVE-2024-21684 | 2024-11-21 | N/A | 3.1 LOW | ||
| There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to the version. If you are unable to do so, upgrade your instance to one of the supported fixed versions. | |||||
| CVE-2024-20400 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. | |||||