Total
1209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23086 | 2025-03-22 | 6.1 Medium | ||
| On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect. | ||||
| CVE-2023-27292 | 1 Opencats | 1 Opencats | 2025-03-21 | 5.4 Medium |
| An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. | ||||
| CVE-2024-10812 | 2025-03-20 | N/A | ||
| An open redirect vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing attacks, distribute malware, and steal user credentials. | ||||
| CVE-2023-23853 | 1 Sap | 1 Netweaver Application Server Abap | 2025-03-20 | 6.1 Medium |
| An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability. | ||||
| CVE-2023-23855 | 1 Sap | 1 Solution Manager | 2025-03-20 | 6.5 Medium |
| SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability. | ||||
| CVE-2023-23860 | 1 Sap | 1 Netweaver Application Server Abap | 2025-03-20 | 6.1 Medium |
| SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. | ||||
| CVE-2024-11044 | 2025-03-20 | N/A | ||
| An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This vulnerability can be exploited to conduct phishing attacks, distribute malware, and steal user credentials. | ||||
| CVE-2024-10908 | 2025-03-20 | N/A | ||
| An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft. | ||||
| CVE-2024-9308 | 2025-03-20 | N/A | ||
| An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft. | ||||
| CVE-2019-6781 | 1 Gitlab | 1 Gitlab | 2025-03-20 | 7.5 High |
| An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails. | ||||
| CVE-2024-8897 | 2 Google, Mozilla | 2 Android, Firefox | 2025-03-19 | 6.1 Medium |
| Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1. | ||||
| CVE-2022-0637 | 1 Mozilla | 1 Pollbot | 2025-03-19 | 6.1 Medium |
| open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6 | ||||
| CVE-2025-21512 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-17 | 6.1 Medium |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2024-3032 | 1 Themify | 1 Builder | 2025-03-17 | 6.1 Medium |
| Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue | ||||
| CVE-2024-6289 | 1 Wpserveur | 1 Wps Hide Login | 2025-03-17 | 6.1 Medium |
| The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. | ||||
| CVE-2021-38000 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2025-03-12 | 6.1 Medium |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. | ||||
| CVE-2022-46784 | 1 Squaredup | 1 Dashboard Server | 2025-03-12 | 6.1 Medium |
| SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open redirection. (The issue was originally found in 5.5.1 GA.) | ||||
| CVE-2025-28896 | 2025-03-12 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin allows Phishing. This issue affects AS English Admin: from n/a through 1.0.0. | ||||
| CVE-2025-21401 | 2025-03-12 | 4.5 Medium | ||
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
| CVE-2025-1015 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2025-03-10 | 5.4 Medium |
| The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135. | ||||