Vulnerabilities (CVE)

Filtered by CWE-601
Total 977 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-30140 2024-11-08 N/A 5.4 MEDIUM
HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page.
CVE-2024-25566 1 Forgerock 1 Access Management 2024-11-08 N/A 6.1 MEDIUM
An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks.
CVE-2024-48463 2024-11-06 N/A 6.5 MEDIUM
Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer.
CVE-2024-21684 2024-11-05 N/A 3.1 LOW
There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site, which can be utilized for further exploitation; it has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the supported fixed versions.
CVE-2024-8883 1 Redhat 6 Build Of Keycloak, Openshift Container Platform, Openshift Container Platform For Ibm Z and 3 more 2024-11-05 N/A 6.1 MEDIUM
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
CVE-2024-27184 2024-11-04 N/A 6.1 MEDIUM
Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
CVE-2024-25559 2024-11-01 N/A 4.7 MEDIUM
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
CVE-2024-22248 2024-11-01 N/A 7.1 HIGH
VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
CVE-2024-43683 1 Microchip 2 Timeprovider 4100, Timeprovider 4100 Firmware 2024-11-01 N/A 6.1 MEDIUM
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS through HTTP headers. This issue affects TimeProvider 4100: from 1.0.
CVE-2024-2465 2024-10-31 N/A 7.1 HIGH
Open redirection vulnerability in the CDeX application allows redirecting users to arbitrary websites via a specially crafted URL. This issue affects CDeX application versions through 5.7.1.
CVE-2024-42930 2024-10-30 N/A 6.1 MEDIUM
PbootCMS 3.2.8 is vulnerable to open URL redirection.
CVE-2024-8386 1 Mozilla 2 Firefox, Firefox Esr 2024-10-30 N/A 6.1 MEDIUM
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
CVE-2024-7941 1 Hitachienergy 1 Microscada X Sys600 2024-10-30 N/A 4.3 MEDIUM
An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CVE-2022-45169 1 Liveboxcloud 1 Vdesk 2024-10-30 N/A 5.4 MEDIUM
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.
CVE-2024-6149 2024-10-29 N/A N/A
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5
CVE-2024-25676 2024-10-29 N/A 4.7 MEDIUM
An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading.
CVE-2024-50463 1 Sunshinephotocart 1 Sunshine Photo Cart 2024-10-29 N/A 6.1 MEDIUM
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart. This issue affects Sunshine Photo Cart: from n/a through 3.2.9.
CVE-2024-0953 1 Mozilla 1 Firefox 2024-10-27 N/A 6.1 MEDIUM
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.
CVE-2024-49682 2024-10-25 N/A 4.7 MEDIUM
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership allows phishing. This issue affects Simple Membership: from n/a through 4.5.3.
CVE-2024-46326 2024-10-23 N/A 6.1 MEDIUM
Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to open redirect due to a lack of input sanitization in the logout function.