Total
999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4882 | 2024-07-09 | N/A | N/A | ||
| The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions. | |||||
| CVE-2024-37234 | 2024-07-08 | N/A | 3.5 LOW | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4. | |||||
| CVE-2024-4704 | 1 Rocklobster | 1 Contact Form 7 | 2024-07-03 | N/A | 6.1 MEDIUM |
| The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. | |||||
| CVE-2024-33661 | 2024-07-03 | N/A | 9.1 CRITICAL | ||
| Portainer before 2.20.0 allows redirects when the target is not index.yaml. | |||||
| CVE-2024-28344 | 2024-07-03 | N/A | 3.1 LOW | ||
| An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL. | |||||
| CVE-2024-26504 | 2024-07-03 | N/A | 8.8 HIGH | ||
| An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. | |||||
| CVE-2024-22259 | 2024-07-03 | N/A | 8.1 HIGH | ||
| Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input. | |||||
| CVE-2024-3032 | 1 Themify | 1 Themify Builder | 2024-07-02 | N/A | 6.1 MEDIUM |
| Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue | |||||
| CVE-2024-5936 | 2024-06-27 | N/A | 4.3 MEDIUM | ||
| An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerability includes potential phishing attacks, malware distribution, and credential theft. | |||||
| CVE-2024-4604 | 2024-06-27 | N/A | 6.1 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO (Single Sign On) allows Manipulating Hidden Fields.This issue affects SSO (Single Sign On): from 1.0 before 1.1. | |||||
| CVE-2024-4940 | 2024-06-24 | N/A | 5.4 MEDIUM | ||
| An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others. This issue is due to improper validation of user-supplied input in the handling of URLs. Attackers can exploit this vulnerability by crafting a malicious URL that, when processed by the application, redirects the user to an attacker-controlled web page. | |||||
| CVE-2024-22244 | 2024-06-11 | N/A | 4.3 MEDIUM | ||
| Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. | |||||
| CVE-2024-36406 | 2024-06-10 | N/A | 5.4 MEDIUM | ||
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-23664 | 2024-06-03 | N/A | 6.1 MEDIUM | ||
| A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL. | |||||
| CVE-2023-24892 | 1 Microsoft | 1 Edge Chromium | 2024-05-29 | N/A | 8.2 HIGH |
| Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | |||||
| CVE-2023-23395 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-05-29 | N/A | 3.1 LOW |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2023-24935 | 1 Microsoft | 1 Edge Chromium | 2024-05-29 | N/A | 6.1 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2024-34071 | 2024-05-21 | N/A | 6.1 MEDIUM | ||
| Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in version(s) 8.18.14, 10.8.6, 12.3.10 and 13.3.1. | |||||
| CVE-2024-0781 | 1 Martmbithi | 1 Internet Banking System | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability. | |||||
| CVE-2024-0545 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2024-05-17 | 5.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in CodeCanyon RISE Rise Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250714 is the identifier assigned to this vulnerability. | |||||