Total: 1102 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22244 | 1 Linuxfoundation | 1 Harbor | 2025-02-26 | N/A | 4.3 MEDIUM |
Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. | |||||
CVE-2023-0876 | 1 Joomunited | 1 Wp Meta Seo | 2025-02-26 | N/A | 6.1 MEDIUM |
The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability. | |||||
CVE-2024-13888 | 1 Amauri | 1 Wpmobile.app | 2025-02-25 | N/A | 7.2 HIGH |
The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
CVE-2024-28113 | 1 Peering-manager | 1 Peering Manager | 2025-02-20 | N/A | 3.5 LOW |
Peering Manager is a BGP session management tool. In Peering Manager <=1.8.2, it is possible to redirect users to an arbitrary page using a crafted URL. As a result, users can be redirected to an unexpected location. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2025-25300 | | | 2025-02-18 | N/A | N/A |
smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on the smartbanner `View` link and navigating to a 3rd party page leaves `window.opener` exposed. It may allow hostile third parties to abuse `window.opener`, e.g. by redirection or injection on the original page with smartbanner. `rel="noopener"` is automatically populated to links as of `v1.14.1`, which is the recommended upgrade to resolve the vulnerability. Some workarounds are available for those who cannot upgrade. Ensure the `View` link only takes users to the App Store or Google Play Store, where security is guarded by the respective app store security teams. If the `View` link is going to a third party page, limit smartbanner.js to be used on iOS, which decreases the scope of the vulnerability since, as of Safari 12.1, `rel="noopener"` is imposed on all `target="_blank"` links. Version 1.14.1 of smartbanner.js contains a fix for the issue. | |||||
CVE-2025-21401 | | | 2025-02-18 | N/A | 4.5 MEDIUM |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
CVE-2025-1269 | | | 2025-02-18 | N/A | 4.8 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing. This issue affects Liman MYS: before 2.1.1 - 1010. | |||||
CVE-2024-57241 | | | 2025-02-18 | N/A | 6.5 MEDIUM |
Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection. | |||||
CVE-2025-24020 | 1 Wegia | 1 Wegia | 2025-02-13 | N/A | 6.1 MEDIUM |
WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue. | |||||
CVE-2024-22262 | | | 2025-02-13 | N/A | 8.1 HIGH |
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect https://cwe.mitre.org/data/definitions/601.html attack or to an SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input. | |||||
CVE-2024-22259 | | | 2025-02-13 | N/A | 8.1 HIGH |
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect https://cwe.mitre.org/data/definitions/601.html attack or to an SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input. | |||||
CVE-2024-22243 | | | 2025-02-13 | N/A | 8.1 HIGH |
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect https://cwe.mitre.org/data/definitions/601.html attack or to an SSRF attack if the URL is used after passing validation checks. | |||||
CVE-2012-0518 | 1 Oracle | 1 Fusion Middleware | 2025-02-12 | 4.3 MEDIUM | 4.7 MEDIUM |
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175. | |||||
CVE-2025-25198 | | | 2025-02-12 | N/A | 7.1 HIGH |
mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the `Host HTTP` header to generate a password reset link pointing to an attacker-controlled domain. This can lead to account takeover if a user clicks the poisoned link. Version 2025-01a contains a patch. As a workaround, deactivate the password reset functionality by clearing `Notification email sender` and `Notification email subject` under System -> Configuration -> Options -> Password Settings. | |||||
CVE-2024-34071 | 1 Umbraco | 1 Umbraco Cms | 2025-02-12 | N/A | 6.1 MEDIUM |
Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected, so it requires the user to be signed into the backoffice before the vulnerability is exposed. This vulnerability has been patched in version(s) 8.18.14, 10.8.6, 12.3.10 and 13.3.1. | |||||
CVE-2025-24868 | | | 2025-02-11 | N/A | 7.1 HIGH |
The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirect URL validation. On successful exploitation, the attacker can cause limited impact on confidentiality, integrity, and availability of the system. | |||||
CVE-2024-28076 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | N/A | 7.0 HIGH |
The SolarWinds Platform was susceptible to an Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to a different domain when using a URL parameter with a relative entry in the correct format. | |||||
CVE-2025-24741 | 1 Logon | 1 Kb Support | 2025-02-10 | N/A | 4.7 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7. | |||||
CVE-2022-46886 | 1 Servicenow | 1 Servicenow | 2025-02-06 | N/A | 5.5 MEDIUM |
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain. | |||||
CVE-2024-38485 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | N/A | 4.3 MEDIUM |
Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that lead to sensitive information leakage. |