Total
1252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27592 | 1 Corezoid | 1 Corezoid | 2025-06-17 | N/A | 4.3 MEDIUM |
| Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL. | |||||
| CVE-2023-26159 | 1 Follow-redirects | 1 Follow Redirects | 2025-06-17 | N/A | 7.3 HIGH |
| Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | |||||
| CVE-2024-28344 | 1 Sipwise | 1 Next Generation Communication Platform | 2025-06-17 | N/A | 3.1 LOW |
| An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL. | |||||
| CVE-2024-25715 | 1 Glewlwyd Sso Server Project | 1 Glewlwyd Sso Server | 2025-06-16 | N/A | 6.1 MEDIUM |
| Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. | |||||
| CVE-2024-24034 | 1 Setorinformatica | 1 S.i.l | 2025-06-16 | N/A | 6.1 MEDIUM |
| Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code. | |||||
| CVE-2025-6089 | 2025-06-16 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability has been found in Astun Technology iShare Maps 5.4.0 and classified as problematic. This vulnerability affects unknown code of the file atCheckJS.aspx. The manipulation of the argument ref leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-26394 | 2025-06-12 | N/A | 4.8 MEDIUM | ||
| SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | |||||
| CVE-2024-6690 | 1 Wp-buy | 1 Wp Content Copy Protection \& No Right Click | 2025-06-11 | N/A | 6.1 MEDIUM |
| The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites | |||||
| CVE-2024-22259 | 2 Netapp, Vmware | 2 Active Iq Unified Manager, Spring Framework | 2025-06-10 | N/A | 8.1 HIGH |
| Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input. | |||||
| CVE-2025-30954 | 2025-06-06 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin allows Phishing. This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through 1.1.0. | |||||
| CVE-2025-49325 | 2025-06-06 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Automattic Newspack Newsletters allows Phishing. This issue affects Newspack Newsletters: from n/a through 3.13.0. | |||||
| CVE-2025-30953 | 2025-06-06 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce allows Phishing. This issue affects WP Gravity Forms Salesforce: from n/a through 1.4.7. | |||||
| CVE-2024-27184 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 6.1 MEDIUM |
| Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.. | |||||
| CVE-2025-48936 | 1 Zitadel | 1 Zitadel | 2025-06-04 | N/A | 8.1 HIGH |
| Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. If an attacker can manipulate these headers (e.g., via host header injection), they could cause ZITADEL to generate a password reset link pointing to a malicious domain controlled by the attacker. If the user clicks this manipulated link in the email, the secret reset code embedded in the URL can be captured by the attacker. This captured code could then be used to reset the user's password and gain unauthorized access to their account. This specific attack vector is mitigated for accounts that have Multi-Factor Authentication (MFA) or Passwordless authentication enabled. This issue has been patched in versions 2.70.12, 2.71.10, and 3.2.2. | |||||
| CVE-2025-5183 | 1 Summerpearlgroup | 1 Vacation Rental Management Platform | 2025-06-03 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as problematic. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument Host leads to open redirect. The attack may be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2023-50345 | 1 Hcltech | 1 Dryice Myxalytics | 2025-06-03 | N/A | 3.7 LOW |
| HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. | |||||
| CVE-2023-49394 | 1 Easycorp | 1 Zentao | 2025-06-03 | N/A | 6.1 MEDIUM |
| Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly. | |||||
| CVE-2024-25676 | 2025-05-30 | N/A | 4.7 MEDIUM | ||
| An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading. | |||||
| CVE-2023-35791 | 1 Vound-software | 1 Intella Connect | 2025-05-30 | N/A | 6.1 MEDIUM |
| Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability. | |||||
| CVE-2025-5256 | 2025-05-29 | N/A | 5.4 MEDIUM | ||
| SummaryThis advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits. Open Redirection via returnUrl Parameter: An Open Redirection vulnerability exists in the /s/action/unlock/user.user/0 endpoint. The returnUrl parameter, intended for post-action redirection, is not properly validated. This allows an attacker to craft a URL that, when clicked by a user, redirects them to an arbitrary external website controlled by the attacker. MitigationUpdate Mautic to a version that properly validates or sanitizes the returnUrl parameter to ensure that redirects only occur to trusted, internal URLs or explicitly whitelisted domains. | |||||