Total
1163 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46826 | 2025-05-08 | N/A | N/A | ||
| insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal risk, was never exploited, and had limited impact. A fix was implemented promptly on May 3, 2025. | |||||
| CVE-2025-47644 | 2025-05-08 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in formsintegrations Integrations of Zoho CRM with Elementor form allows Phishing. This issue affects Integrations of Zoho CRM with Elementor form: from n/a through 1.0.7. | |||||
| CVE-2024-21065 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-05-08 | N/A | 6.1 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2025-4328 | 2025-05-07 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/web/MvcController.java of the component HTTP Header Handler. The manipulation of the argument Referer leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | |||||
| CVE-2025-46553 | 2025-05-05 | N/A | N/A | ||
| @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue. | |||||
| CVE-2024-0337 | 1 Travelpayouts | 1 Travelpayouts | 2025-05-05 | N/A | 6.1 MEDIUM |
| The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
| CVE-2022-23599 | 1 Plone | 1 Plone | 2025-05-05 | 2.6 LOW | 4.3 MEDIUM |
| Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user's cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and cvmitigation measures is available in the GitHub Security Advisory. | |||||
| CVE-2022-43985 | 1 Apache | 1 Airflow | 2025-05-02 | N/A | 6.1 MEDIUM |
| In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. | |||||
| CVE-2022-3486 | 1 Gitlab | 1 Gitlab | 2025-05-01 | N/A | 4.7 MEDIUM |
| An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. | |||||
| CVE-2022-3280 | 1 Gitlab | 1 Gitlab | 2025-05-01 | N/A | 3.5 LOW |
| An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. | |||||
| CVE-2022-37927 | 1 Hpe | 1 Oneview Global Dashboard | 2025-05-01 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). | |||||
| CVE-2022-44560 | 2025-05-01 | N/A | 5.3 MEDIUM | ||
| The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. | |||||
| CVE-2022-45402 | 1 Apache | 1 Airflow | 2025-04-30 | N/A | 6.1 MEDIUM |
| In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. | |||||
| CVE-2021-22141 | 1 Elastic | 1 Kibana | 2025-04-29 | N/A | 6.1 MEDIUM |
| An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website. | |||||
| CVE-2025-39404 | 2025-04-29 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Heateor Support Sassy Social Share allows Phishing. This issue affects Sassy Social Share: from n/a through 3.3.73. | |||||
| CVE-2025-2068 | 2025-04-29 | N/A | 5.0 MEDIUM | ||
| An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted url is visited by a local user. | |||||
| CVE-2024-46331 | 1 Modstart | 1 Mostartcms | 2025-04-28 | N/A | 7.2 HIGH |
| ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website via a crafted URL. | |||||
| CVE-2024-24291 | 1 Yzmcms | 1 Yzmcms | 2025-04-24 | N/A | 6.1 MEDIUM |
| An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. | |||||
| CVE-2024-55452 | 1 Ujcms | 1 Ujcms | 2025-04-24 | N/A | 5.4 MEDIUM |
| A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated user clicks on the malicious block item, they are redirected to the arbitrary untrusted domains, where sensitive tokens, such as JSON Web Tokens, can be stolen via a crafted webpage. | |||||
| CVE-2022-43479 | 1 Ss-proj | 1 Shirasagi | 2025-04-24 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. | |||||