Total
1102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30140 | 2024-11-08 | N/A | 5.4 MEDIUM | ||
| HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page. | |||||
| CVE-2024-25566 | 1 Forgerock | 1 Access Management | 2024-11-08 | N/A | 6.1 MEDIUM |
| An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks | |||||
| CVE-2024-27184 | 2024-11-04 | N/A | 6.1 MEDIUM | ||
| Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.. | |||||
| CVE-2024-43683 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-11-01 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0. | |||||
| CVE-2024-42930 | 2024-10-30 | N/A | 6.1 MEDIUM | ||
| PbootCMS 3.2.8 is vulnerable to URL Redirect. | |||||
| CVE-2024-8386 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-10-30 | N/A | 6.1 MEDIUM |
| If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | |||||
| CVE-2024-7941 | 1 Hitachienergy | 1 Microscada X Sys600 | 2024-10-30 | N/A | 4.3 MEDIUM |
| An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | |||||
| CVE-2024-50463 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-10-29 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.2.9. | |||||
| CVE-2024-46326 | 2024-10-23 | N/A | 6.1 MEDIUM | ||
| Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function. | |||||
| CVE-2024-43543 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-10-17 | N/A | 6.8 MEDIUM |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-43536 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-10-16 | N/A | 6.8 MEDIUM |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-38037 | 1 Esri | 1 Portal For Arcgis | 2024-10-15 | N/A | 6.1 MEDIUM |
| There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | |||||
| CVE-2024-47354 | 2024-10-15 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership After Login Redirection.This issue affects Simple Membership After Login Redirection: from n/a through 1.6. | |||||
| CVE-2024-47353 | 2024-10-15 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in QuomodoSoft ElementsReady Addons for Elementor.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2. | |||||
| CVE-2024-46886 | 2024-10-10 | N/A | 4.7 MEDIUM | ||
| The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. | |||||
| CVE-2024-45247 | 2024-10-07 | N/A | 6.1 MEDIUM | ||
| Sonarr – CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | |||||
| CVE-2024-47646 | 2024-10-07 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payflex Payflex Payment Gateway.This issue affects Payflex Payment Gateway: from n/a through 2.6.1. | |||||
| CVE-2024-9266 | 2024-10-04 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0. | |||||
| CVE-2024-7260 | 1 Redhat | 2 Build Of Keycloak, Keycloak | 2024-10-01 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks. Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain. | |||||
| CVE-2024-45981 | 2024-09-30 | N/A | 8.8 HIGH | ||
| A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. | |||||