Total
1424 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0637 | 1 Mozilla | 1 Pollbot | 2025-03-19 | N/A | 6.1 MEDIUM |
| open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6 | |||||
| CVE-2025-21512 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-17 | N/A | 6.1 MEDIUM |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2024-3032 | 1 Themify | 1 Builder | 2025-03-17 | N/A | 6.1 MEDIUM |
| Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue | |||||
| CVE-2024-6289 | 1 Wpserveur | 1 Wps Hide Login | 2025-03-17 | N/A | 6.1 MEDIUM |
| The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. | |||||
| CVE-2023-22432 | 1 Web2py | 1 Web2py | 2025-03-07 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack. | |||||
| CVE-2022-2837 | 1 Coredns.io | 1 Coredns | 2025-03-07 | N/A | 6.1 MEDIUM |
| A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. | |||||
| CVE-2022-24776 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-03-07 | 5.8 MEDIUM | 6.1 MEDIUM |
| Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds. | |||||
| CVE-2021-32805 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-03-07 | 5.8 MEDIUM | 7.2 HIGH |
| Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible users may filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting as a workaround. | |||||
| CVE-2024-11955 | 1 Glpi-project | 1 Glpi | 2025-03-04 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2023-24935 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 6.1 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2023-24892 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 8.2 HIGH |
| Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | |||||
| CVE-2025-27143 | 1 Better-auth | 1 Better Auth | 2025-02-28 | N/A | 6.1 MEDIUM |
| Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While the server blocks fully qualified URLs, it incorrectly allows scheme-less URLs. This results in the browser interpreting the URL as a fully qualified URL, leading to unintended redirection. An attacker can exploit this flaw by crafting a malicious verification link and tricking users into clicking it. Upon successful email verification, the user will be automatically redirected to the attacker's website, which can be used for phishing, malware distribution, or stealing sensitive authentication tokens. This CVE is a bypass of the fix for GHSA-8jhw-6pjj-8723/CVE-2024-56734. Version 1.1.21 contains an updated patch. | |||||
| CVE-2024-22244 | 1 Linuxfoundation | 1 Harbor | 2025-02-26 | N/A | 4.3 MEDIUM |
| Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. | |||||
| CVE-2024-13888 | 1 Amauri | 1 Wpmobile.app | 2025-02-25 | N/A | 7.2 HIGH |
| The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
| CVE-2022-2237 | 1 Redhat | 2 Keycloak Node.js Adapter, Single Sign-on | 2025-02-24 | N/A | 6.1 MEDIUM |
| A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function. | |||||
| CVE-2025-21401 | | | 2025-02-18 | N/A | 4.5 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2025-24020 | 1 Wegia | 1 Wegia | 2025-02-13 | N/A | 6.1 MEDIUM |
| WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue. | |||||
| CVE-2024-34071 | 1 Umbraco | 1 Umbraco Cms | 2025-02-12 | N/A | 6.1 MEDIUM |
| Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected, so it requires the user to be signed into backoffice before the vulnerability is exposed. This vulnerability has been patched in version(s) 8.18.14, 10.8.6, 12.3.10 and 13.3.1. | |||||
| CVE-2024-28076 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | N/A | 7.0 HIGH |
| The SolarWinds Platform was susceptible to an Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to a different domain when using a URL parameter with a relative entry in the correct format. | |||||
| CVE-2022-46886 | 1 Servicenow | 1 Servicenow | 2025-02-06 | N/A | 5.5 MEDIUM |
| There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain. | |||||
