Total
977 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-30140 | | | 2024-11-08 | N/A | 5.4 MEDIUM |
HCL BigFix Compliance is affected by unvalidated redirects and forwards. An attacker can manipulate the Host header and, as a result, poison the web cache so that the poisoned page is served back to users. | |||||
CVE-2024-25566 | 1 Forgerock | 1 Access Management | 2024-11-08 | N/A | 6.1 MEDIUM |
An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks. | |||||
CVE-2024-48463 | | | 2024-11-06 | N/A | 6.5 MEDIUM |
Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer. | |||||
CVE-2024-21684 | | | 2024-11-05 | N/A | 3.1 LOW |
There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to the version. If you are unable to do so, upgrade your instance to one of the supported fixed versions. | |||||
CVE-2024-8883 | 1 Redhat | 6 Build Of Keycloak, Openshift Container Platform, Openshift Container Platform For Ibm Z and 3 more | 2024-11-05 | N/A | 6.1 MEDIUM |
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking. | |||||
CVE-2024-27184 | | | 2024-11-04 | N/A | 6.1 MEDIUM |
Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not. | |||||
CVE-2024-25559 | | | 2024-11-01 | N/A | 4.7 MEDIUM |
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log. | |||||
CVE-2024-22248 | | | 2024-11-01 | N/A | 7.1 HIGH |
VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | |||||
CVE-2024-43683 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-11-01 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers. This issue affects TimeProvider 4100: from 1.0. | |||||
CVE-2024-2465 | | | 2024-10-31 | N/A | 7.1 HIGH |
Open redirection vulnerability in CDeX application allows redirecting users to arbitrary websites via a specially crafted URL. This issue affects CDeX application versions through 5.7.1. | |||||
CVE-2024-42930 | | | 2024-10-30 | N/A | 6.1 MEDIUM |
PbootCMS 3.2.8 is vulnerable to URL Redirect. | |||||
CVE-2024-8386 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-10-30 | N/A | 6.1 MEDIUM |
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | |||||
CVE-2024-7941 | 1 Hitachienergy | 1 Microscada X Sys600 | 2024-10-30 | N/A | 4.3 MEDIUM |
An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | |||||
CVE-2022-45169 | 1 Liveboxcloud | 1 Vdesk | 2024-10-30 | N/A | 5.4 MEDIUM |
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link. | |||||
CVE-2024-6149 | | | 2024-10-29 | N/A | N/A |
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5 | |||||
CVE-2024-25676 | | | 2024-10-29 | N/A | 4.7 MEDIUM |
An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading. | |||||
CVE-2024-50463 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-10-29 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart. This issue affects Sunshine Photo Cart: from n/a through 3.2.9. | |||||
CVE-2024-0953 | 1 Mozilla | 1 Firefox | 2024-10-27 | N/A | 6.1 MEDIUM |
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129. | |||||
CVE-2024-49682 | | | 2024-10-25 | N/A | 4.7 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership allows Phishing. This issue affects Simple Membership: from n/a through 4.5.3. | |||||
CVE-2024-46326 | | | 2024-10-23 | N/A | 6.1 MEDIUM |
Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function. |