Total
1515 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23798 | 1 Joomla | 1 Joomla\! | 2026-06-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not. | |||||
| CVE-2022-23618 | 1 Xwiki | 1 Xwiki | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform url redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue. | |||||
| CVE-2022-23599 | 1 Plone | 1 Plone | 2026-06-17 | 2.6 LOW | 4.3 MEDIUM |
| Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user's cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and cvmitigation measures is available in the GitHub Security Advisory. | |||||
| CVE-2022-23527 | 2 Debian, Openidc | 2 Debian Linux, Mod Auth Openidc | 2026-06-17 | N/A | 4.7 MEDIUM |
| mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed. | |||||
| CVE-2022-23237 | 1 Netapp | 1 E-series Santricity Os Controller | 2026-06-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites. | |||||
| CVE-2022-23184 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2026-06-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects. | |||||
| CVE-2022-23102 | 1 Siemens | 1 Sinema Remote Connect Server | 2026-06-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks. | |||||
| CVE-2022-23078 | 1 Habitica | 1 Habitica | 2026-06-17 | 5.8 MEDIUM | N/A |
| In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page. | |||||
| CVE-2022-22919 | 1 Adenza | 1 Axiomsl Controllerview | 2026-06-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs. | |||||
| CVE-2022-22797 | 1 Sysaid | 1 Sysaid | 2026-06-17 | 5.8 MEDIUM | 4.6 MEDIUM |
| Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | |||||
| CVE-2022-21651 | 1 Shopware | 1 Shopware | 2026-06-17 | 5.8 MEDIUM | 6.8 MEDIUM |
| Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible. | |||||
| CVE-2022-20794 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2026-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20634 | 1 Cisco | 1 Enterprise Chat And Email | 2026-06-17 | N/A | 4.7 MEDIUM |
| A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2022-1774 | 1 Diagrams | 1 Drawio | 2026-06-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. | |||||
| CVE-2022-1702 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2026-06-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability. | |||||
| CVE-2022-1254 | 1 Mcafee | 1 Web Gateway | 2026-06-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy. | |||||
| CVE-2022-1233 | 1 Uri.js Project | 1 Uri.js | 2026-06-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11. | |||||
| CVE-2022-1230 | 1 Samsung | 2 Galaxy S21, Galaxy S21 Firmware | 2026-06-17 | N/A | 3.9 LOW |
| This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user. Was ZDI-CAN-15918. | |||||
| CVE-2022-1209 | 1 Ultimatemember | 1 Ultimate Member | 2026-06-17 | 3.5 LOW | 4.3 MEDIUM |
| The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1. | |||||
| CVE-2022-1058 | 1 Gitea | 1 Gitea | 2026-06-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. | |||||