Total
1129 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46886 | 2025-03-11 | 4.7 Medium | ||
| The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. | ||||
| CVE-2025-1015 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2025-03-10 | 5.4 Medium |
| The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135. | ||||
| CVE-2023-22432 | 1 Web2py | 1 Web2py | 2025-03-07 | 6.1 Medium |
| Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack. | ||||
| CVE-2022-2837 | 1 Coredns.io | 1 Coredns | 2025-03-07 | 6.1 Medium |
| A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. | ||||
| CVE-2022-24776 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-03-07 | 6.1 Medium |
| Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds. | ||||
| CVE-2021-32805 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-03-07 | 7.2 High |
| Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible users may filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting as a workaround. | ||||
| CVE-2025-27625 | 2025-03-06 | 4.3 Medium | ||
| In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects. | ||||
| CVE-2023-22257 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-22258 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-22260 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-22261 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-22262 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-22263 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-22264 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-22266 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-29307 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||
| CVE-2025-27426 | 2025-03-04 | 5.4 Medium | ||
| Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136. | ||||
| CVE-2025-27424 | 2025-03-04 | 4.3 Medium | ||
| Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136. | ||||
| CVE-2024-11955 | 1 Glpi-project | 1 Glpi | 2025-03-04 | 4.3 Medium |
| A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-54957 | 2025-03-03 | 6.1 Medium | ||
| Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without their consent. | ||||