Total
1176 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9308 | 2025-03-20 | N/A | ||
| An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft. | ||||
| CVE-2025-23363 | 2025-03-20 | 7.4 High | ||
| A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions), Teamcenter V2312 (All versions), Teamcenter V2406 (All versions), Teamcenter V2412 (All versions). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. | ||||
| CVE-2019-6781 | 1 Gitlab | 1 Gitlab | 2025-03-20 | 7.5 High |
| An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails. | ||||
| CVE-2024-8897 | 2 Google, Mozilla | 2 Android, Firefox | 2025-03-19 | 6.1 Medium |
| Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1. | ||||
| CVE-2022-0637 | 1 Mozilla | 1 Pollbot | 2025-03-19 | 6.1 Medium |
| open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6 | ||||
| CVE-2025-21512 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-17 | 6.1 Medium |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2024-3032 | 1 Themify | 1 Builder | 2025-03-17 | 6.1 Medium |
| Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue | ||||
| CVE-2024-6289 | 1 Wpserveur | 1 Wps Hide Login | 2025-03-17 | 6.1 Medium |
| The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. | ||||
| CVE-2021-38000 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2025-03-12 | 6.1 Medium |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. | ||||
| CVE-2022-46784 | 1 Squaredup | 1 Dashboard Server | 2025-03-12 | 6.1 Medium |
| SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open redirection. (The issue was originally found in 5.5.1 GA.) | ||||
| CVE-2025-28896 | 2025-03-12 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin allows Phishing. This issue affects AS English Admin: from n/a through 1.0.0. | ||||
| CVE-2025-21401 | 2025-03-12 | 4.5 Medium | ||
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
| CVE-2025-1015 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2025-03-10 | 5.4 Medium |
| The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135. | ||||
| CVE-2023-22432 | 1 Web2py | 1 Web2py | 2025-03-07 | 6.1 Medium |
| Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack. | ||||
| CVE-2022-2837 | 1 Coredns.io | 1 Coredns | 2025-03-07 | 6.1 Medium |
| A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. | ||||
| CVE-2021-32805 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-03-07 | 7.2 High |
| Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible users may filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting as a workaround. | ||||
| CVE-2025-27625 | 2025-03-06 | 4.3 Medium | ||
| In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects. | ||||
| CVE-2023-22257 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-22258 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-22260 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||