Total
1129 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23860 | 1 Sap | 1 Netweaver Application Server Abap | 2025-03-20 | 6.1 Medium |
| SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. | ||||
| CVE-2024-11044 | 2025-03-20 | N/A | ||
| An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This vulnerability can be exploited to conduct phishing attacks, distribute malware, and steal user credentials. | ||||
| CVE-2024-12760 | 2025-03-20 | N/A | ||
| An open redirect vulnerability in bentoml/bentoml v1.3.9 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft. | ||||
| CVE-2024-10908 | 2025-03-20 | N/A | ||
| An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft. | ||||
| CVE-2024-9308 | 2025-03-20 | N/A | ||
| An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft. | ||||
| CVE-2025-23363 | 2025-03-20 | 7.4 High | ||
| A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions), Teamcenter V2312 (All versions), Teamcenter V2406 (All versions), Teamcenter V2412 (All versions). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. | ||||
| CVE-2023-3922 | 1 Gitlab | 1 Gitlab | 2025-03-20 | 3 Low |
| An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page. | ||||
| CVE-2019-6781 | 1 Gitlab | 1 Gitlab | 2025-03-20 | 7.5 High |
| An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails. | ||||
| CVE-2024-8897 | 2 Google, Mozilla | 2 Android, Firefox | 2025-03-19 | 6.1 Medium |
| Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1. | ||||
| CVE-2022-0637 | 1 Mozilla | 1 Pollbot | 2025-03-19 | 6.1 Medium |
| open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6 | ||||
| CVE-2025-21512 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-17 | 6.1 Medium |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2024-3032 | 1 Themify | 1 Builder | 2025-03-17 | 6.1 Medium |
| Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue | ||||
| CVE-2023-22298 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin 4 | 2025-03-17 | 6.1 Medium |
| Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | ||||
| CVE-2024-6289 | 1 Wpserveur | 1 Wps Hide Login | 2025-03-17 | 6.1 Medium |
| The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. | ||||
| CVE-2025-21104 | 2025-03-13 | 4.3 Medium | ||
| Dell NetWorker, 19.11.0.3 and below versions, contain(s) an Open Redirect Vulnerability in NMC. An unauthenticated attacker with remoter access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. | ||||
| CVE-2024-7211 | 1 1e | 1 Platform | 2025-03-13 | 4.7 Medium |
| The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix. | ||||
| CVE-2021-38000 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2025-03-12 | 6.1 Medium |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. | ||||
| CVE-2022-46784 | 1 Squaredup | 1 Dashboard Server | 2025-03-12 | 6.1 Medium |
| SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open redirection. (The issue was originally found in 5.5.1 GA.) | ||||
| CVE-2025-28896 | 2025-03-12 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin allows Phishing. This issue affects AS English Admin: from n/a through 1.0.0. | ||||
| CVE-2025-21401 | 2025-03-12 | 4.5 Medium | ||
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||