Total
1017 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8386 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-10-30 | N/A | 6.1 MEDIUM |
| If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | |||||
| CVE-2024-7941 | 1 Hitachienergy | 1 Microscada X Sys600 | 2024-10-30 | N/A | 4.3 MEDIUM |
| An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | |||||
| CVE-2022-45169 | 1 Liveboxcloud | 1 Vdesk | 2024-10-30 | N/A | 5.4 MEDIUM |
| An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link. | |||||
| CVE-2024-6149 | 2024-10-29 | N/A | N/A | ||
| Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5 | |||||
| CVE-2024-25676 | 2024-10-29 | N/A | 4.7 MEDIUM | ||
| An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading. | |||||
| CVE-2024-50463 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-10-29 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.2.9. | |||||
| CVE-2024-0953 | 1 Mozilla | 1 Firefox | 2024-10-27 | N/A | 6.1 MEDIUM |
| When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129. | |||||
| CVE-2024-49682 | 2024-10-25 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership allows Phishing.This issue affects Simple Membership: from n/a through 4.5.3. | |||||
| CVE-2024-46326 | 2024-10-23 | N/A | 6.1 MEDIUM | ||
| Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function. | |||||
| CVE-2024-43543 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-10-17 | N/A | 6.8 MEDIUM |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-28799 | 1 Zscaler | 1 Client Connector | 2024-10-17 | N/A | 6.1 MEDIUM |
| A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. | |||||
| CVE-2024-43536 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-10-16 | N/A | 6.8 MEDIUM |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-38037 | 1 Esri | 1 Portal For Arcgis | 2024-10-15 | N/A | 6.1 MEDIUM |
| There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | |||||
| CVE-2024-47354 | 2024-10-15 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership After Login Redirection.This issue affects Simple Membership After Login Redirection: from n/a through 1.6. | |||||
| CVE-2024-47353 | 2024-10-15 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in QuomodoSoft ElementsReady Addons for Elementor.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2. | |||||
| CVE-2024-46886 | 2024-10-10 | N/A | 4.7 MEDIUM | ||
| The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. | |||||
| CVE-2024-0250 | 1 Deconf | 1 Analytics Insights | 2024-10-09 | N/A | 6.1 MEDIUM |
| The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
| CVE-2023-3922 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 7.1 HIGH |
| An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page. | |||||
| CVE-2024-8148 | 2024-10-07 | N/A | 6.1 MEDIUM | ||
| There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 10.8.1 - 11.2 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | |||||
| CVE-2024-47646 | 2024-10-07 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payflex Payflex Payment Gateway.This issue affects Payflex Payment Gateway: from n/a through 2.6.1. | |||||