Total
966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24776 | 1 Flask-appbuilder Project | 1 Flask-appbuilder | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds. | |||||
| CVE-2022-1019 | 1 Automatedlogic | 1 Webctrl Server | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file. | |||||
| CVE-2022-26326 | 1 Microfocus | 1 Netiq Access Manager | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2 | |||||
| CVE-2021-29217 | 1 Hpe | 1 Oneview Global Dashboard | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | |||||
| CVE-2022-25196 | 1 Jenkins | 1 Gitlab Authentication | 2024-02-04 | 4.9 MEDIUM | 5.4 MEDIUM |
| Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. | |||||
| CVE-2021-46379 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. | |||||
| CVE-2022-0692 | 1 Alltube Project | 1 Alltube | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. | |||||
| CVE-2022-2250 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. | |||||
| CVE-2021-32478 | 1 Moodle | 1 Moodle | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. | |||||
| CVE-2022-27461 | 1 Nopcommerce | 1 Nopcommerce | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link. | |||||
| CVE-2022-24887 | 1 Nextcloud | 1 Talk | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds. | |||||
| CVE-2022-1702 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability. | |||||
| CVE-2020-14118 | 1 Mi | 1 Mi App Store | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps. | |||||
| CVE-2021-46366 | 1 Magnolia-cms | 1 Magnolia Cms | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. | |||||
| CVE-2022-1774 | 1 Diagrams | 1 Draw.io | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. | |||||
| CVE-2017-20119 | 1 Trueconf | 1 Server | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-0283 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL. | |||||
| CVE-2022-27256 | 1 Hubzilla | 1 Hubzilla | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. | |||||
| CVE-2022-0560 | 1 Microweber | 1 Microweber | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-23078 | 1 Habitica | 1 Habitica | 2024-02-04 | 5.8 MEDIUM | N/A |
| In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page. | |||||