Total
1129 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0868 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 6.1 Medium |
| Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. | ||||
| CVE-2022-0697 | 1 Archivy Project | 1 Archivy | 2024-11-21 | 6.1 Medium |
| Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. | ||||
| CVE-2022-0692 | 1 Alltube Project | 1 Alltube | 2024-11-21 | 6.1 Medium |
| Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. | ||||
| CVE-2022-0645 | 1 Posthog | 1 Posthog | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1. | ||||
| CVE-2022-0597 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| Open Redirect in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0560 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| Open Redirect in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0283 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.7 Medium |
| An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL. | ||||
| CVE-2022-0235 | 4 Debian, Node-fetch Project, Redhat and 1 more | 14 Debian Linux, Node-fetch, Acm and 11 more | 2024-11-21 | 6.1 Medium |
| node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2022-0165 | 1 King-theme | 1 Kingcomposer | 2024-11-21 | 6.1 Medium |
| The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users | ||||
| CVE-2022-0122 | 1 Digitalbazaar | 1 Forge | 2024-11-21 | 6.1 Medium |
| forge is vulnerable to URL Redirection to Untrusted Site | ||||
| CVE-2021-4260 | 1 Oils-js Project | 1 Oils-js | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in oils-js. It has been declared as critical. This vulnerability affects unknown code of the file core/Web.js. The manipulation leads to open redirect. The attack can be initiated remotely. The name of the patch is fad8fbae824a7d367dacb90d56cb02c5cb999d42. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216268. | ||||
| CVE-2021-4000 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 6.1 Medium |
| showdoc is vulnerable to URL Redirection to Untrusted Site | ||||
| CVE-2021-46898 | 1 Vonautomatisch | 1 Django Grappelli | 2024-11-21 | 6.1 Medium |
| views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack. | ||||
| CVE-2021-46379 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-11-21 | 6.1 Medium |
| DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. | ||||
| CVE-2021-46366 | 1 Magnolia-cms | 1 Magnolia Cms | 2024-11-21 | 8.8 High |
| An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. | ||||
| CVE-2021-45408 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 6.1 Medium |
| Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the "referuri" parameter. | ||||
| CVE-2021-45328 | 1 Gitea | 1 Gitea | 2024-11-21 | 6.1 Medium |
| Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs. | ||||
| CVE-2021-44528 | 1 Rubyonrails | 1 Rails | 2024-11-21 | 6.1 Medium |
| A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. | ||||
| CVE-2021-44054 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 4.3 Medium |
| An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later | ||||
| CVE-2021-43812 | 1 Auth0 | 1 Nextjs-auth0 | 2024-11-21 | 6.4 Medium |
| The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | ||||