Total
999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-21723 | | | 2024-02-29 | N/A | N/A |
Inadequate parsing of URLs could result in an open redirect. | |||||
CVE-2023-40602 | 1 Doofinder | 1 Doofinder | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search. This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49. | |||||
CVE-2023-5610 | 1 S-sols | 1 Seraphinite Accelerator | 2024-02-28 | N/A | 5.4 MEDIUM |
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect. | |||||
CVE-2023-46624 | 1 Parcelpro | 1 Parcel Pro | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro. This issue affects Parcel Pro: from n/a through 1.6.11. | |||||
CVE-2023-48815 | 1 Keking | 1 Kkfileview | 2024-02-28 | N/A | 6.1 MEDIUM |
kkFileView v4.3.0 is vulnerable to Incorrect Access Control. | |||||
CVE-2023-48325 | 1 Pluginops | 1 Landing Page Builder | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages. This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5. | |||||
CVE-2023-41648 | 1 Swapnilpatil | 1 Login And Logout Redirect | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Patil Login and Logout Redirect. This issue affects Login and Logout Redirect: from n/a through 2.0.3. | |||||
CVE-2023-31237 | 1 Zephyr Project Manager Project | 1 Zephyr Project Manager | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager: from n/a through 3.3.9. | |||||
CVE-2023-6927 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-02-28 | N/A | 6.1 MEDIUM |
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134. | |||||
CVE-2024-22400 | 1 Nextcloud | 1 Sso & Saml Authentication | 2024-02-28 | N/A | 6.1 MEDIUM |
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on an uncontrolled third-party server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue. | |||||
CVE-2023-26159 | 1 Follow-redirects | 1 Follow Redirects | 2024-02-28 | N/A | 6.1 MEDIUM |
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | |||||
CVE-2023-47779 | 1 Crmperks | 1 Integration For Constant Contact And Contact Form 7, Wpforms, Elementor, Ninja | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. | |||||
CVE-2023-47548 | 1 Softlabbd | 1 Integrate Google Drive | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site. This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2. | |||||
CVE-2024-22113 | 1 Anglers-net | 1 Cgi An-anlyzer | 2024-02-28 | N/A | 6.1 MEDIUM |
Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL. | |||||
CVE-2023-50771 | 1 Jenkins | 1 Openid | 2024-02-28 | N/A | 6.1 MEDIUM |
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||
CVE-2023-49438 | 1 Flask-security-too Project | 1 Flask-security-too | 2024-02-28 | N/A | 6.1 MEDIUM |
An open redirect vulnerability in the Python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes. | |||||
CVE-2023-42502 | 1 Apache | 1 Superset | 2024-02-28 | N/A | 5.4 MEDIUM |
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header; users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0. | |||||
CVE-2020-17484 | 1 Uffizio | 1 Gps Tracker | 2024-02-28 | N/A | 6.1 MEDIUM |
An Open Redirection vulnerability in all versions of Uffizio's GPS Tracker allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain. | |||||
CVE-2024-25715 | 1 Glewlwyd Sso Server Project | 1 Glewlwyd Sso Server | 2024-02-28 | N/A | 6.1 MEDIUM |
Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. | |||||
CVE-2023-51675 | 1 Vasyltech | 1 Advanced Access Manager | 2024-02-28 | N/A | 5.4 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18. |