Total
1515 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2026-06-17 | N/A | 4.7 MEDIUM |
| URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | |||||
| CVE-2023-27292 | 1 Opencats | 1 Opencats | 2026-06-17 | N/A | 5.4 MEDIUM |
| An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. | |||||
| CVE-2023-26494 | 1 Thethingsnetwork | 1 Lorawan-stack | 2026-06-17 | N/A | 6.1 MEDIUM |
| lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix. | |||||
| CVE-2023-26159 | 1 Follow-redirects | 1 Follow Redirects | 2026-06-17 | N/A | 7.3 HIGH |
| Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | |||||
| CVE-2023-25829 | 1 Esri | 1 Portal For Arcgis | 2026-06-17 | N/A | 6.1 MEDIUM |
| There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | |||||
| CVE-2023-25734 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2026-06-17 | N/A | 8.1 HIGH |
| After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
| CVE-2023-24935 | 1 Microsoft | 1 Edge Chromium | 2026-06-17 | N/A | 6.1 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2023-24892 | 1 Microsoft | 1 Edge Chromium | 2026-06-17 | N/A | 8.2 HIGH |
| Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | |||||
| CVE-2023-24735 | 1 Sigb | 1 Pmb | 2026-06-17 | N/A | 6.1 MEDIUM |
| PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. | |||||
| CVE-2023-24445 | 1 Jenkins | 1 Openid | 2026-06-17 | N/A | 6.1 MEDIUM |
| Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. | |||||
| CVE-2023-24044 | 1 Plesk | 1 Obsidian | 2026-06-17 | N/A | 6.1 MEDIUM |
| A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." | |||||
| CVE-2023-24030 | 1 Zimbra | 1 Collaboration | 2026-06-17 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807. | |||||
| CVE-2023-23957 | 1 Symantec | 1 Identity Portal | 2026-06-17 | N/A | 5.4 MEDIUM |
| An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | |||||
| CVE-2023-23860 | 1 Sap | 1 Netweaver Application Server Abap | 2026-06-17 | N/A | 6.1 MEDIUM |
| SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. | |||||
| CVE-2023-23855 | 1 Sap | 1 Solution Manager | 2026-06-17 | N/A | 6.5 MEDIUM |
| SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability. | |||||
| CVE-2023-23853 | 1 Sap | 1 Netweaver Application Server Abap | 2026-06-17 | N/A | 6.1 MEDIUM |
| An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability. | |||||
| CVE-2023-23754 | 1 Joomla | 1 Joomla\! | 2026-06-17 | N/A | 6.1 MEDIUM |
| An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. | |||||
| CVE-2023-23395 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2026-06-17 | N/A | 3.1 LOW |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2023-22958 | 1 Syracom | 1 Secure Login | 2026-06-17 | N/A | 6.1 MEDIUM |
| The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter. | |||||
| CVE-2023-22798 | 1 Brave | 1 Adblock-lists | 2026-06-17 | N/A | 6.1 MEDIUM |
| Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect interceptor removal feature is known as "debouncing" and is intended to remove unnecessary redirects that track users across the web. | |||||