Export limit exceeded: 344892 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1453 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21641 | 1 Flarum | 1 Flarum | 2025-06-03 | 6.5 Medium |
| Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe. | ||||
| CVE-2024-21723 | 1 Joomla | 1 Joomla\! | 2025-06-02 | 4.3 Medium |
| Inadequate parsing of URLs could result into an open redirect. | ||||
| CVE-2023-35791 | 1 Vound-software | 1 Intella Connect | 2025-05-30 | 6.1 Medium |
| Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability. | ||||
| CVE-2024-0854 | 1 Synology | 1 Diskstation Manager | 2025-05-30 | 5.4 Medium |
| URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. | ||||
| CVE-2025-47854 | 1 Jetbrains | 1 Teamcity | 2025-05-28 | 4.3 Medium |
| In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page | ||||
| CVE-2024-51321 | 1 Zucchetti | 1 Ad Hoc Infinity | 2025-05-28 | 7.6 High |
| In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication. | ||||
| CVE-2023-50771 | 1 Jenkins | 1 Openid Connect Authentication | 2025-05-28 | 6.1 Medium |
| Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | ||||
| CVE-2022-40754 | 1 Apache | 1 Airflow | 2025-05-27 | 6.1 Medium |
| In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint. | ||||
| CVE-2023-50456 | 1 Zammad | 1 Zammad | 2025-05-27 | 5.3 Medium |
| An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name. | ||||
| CVE-2023-48928 | 1 Franklin-electric | 1 System Sentinel Anyware | 2025-05-27 | 6.1 Medium |
| Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | ||||
| CVE-2022-28977 | 1 Liferay | 3 Digital Experience Platform, Dxp, Liferay Portal | 2025-05-27 | 6.1 Medium |
| HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. | ||||
| CVE-2024-33661 | 1 Portainer | 1 Portainer | 2025-05-21 | 9.1 Critical |
| Portainer before 2.20.0 allows redirects when the target is not index.yaml. | ||||
| CVE-2022-40083 | 1 Labstack | 1 Echo | 2025-05-21 | 9.6 Critical |
| Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). | ||||
| CVE-2022-41204 | 1 Sap | 1 Commerce | 2025-05-20 | 8.8 High |
| An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system. | ||||
| CVE-2024-4900 | 1 Seopress | 1 Seopress | 2025-05-19 | 6.1 Medium |
| The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post | ||||
| CVE-2021-33331 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 6.1 Medium |
| Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter. | ||||
| CVE-2025-32970 | 1 Xwiki | 1 Xwiki | 2025-05-13 | 6.1 Medium |
| XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that redirects to any URL. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0. | ||||
| CVE-2024-25559 | 1 Appleple | 1 A-blog Cms | 2025-05-13 | 4.7 Medium |
| URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log. | ||||
| CVE-2023-34020 | 1 Uncannyowl | 1 Uncanny Toolkit For Learndash | 2025-05-13 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3. | ||||
| CVE-2024-22891 | 1 Nteract | 1 Nteract | 2025-05-13 | 9.8 Critical |
| Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link. | ||||