Total
1050 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15774 | 1 Booking Project | 1 Booking | 2024-08-05 | N/A |
| The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | ||||
| CVE-2019-15775 | 1 Learning Courses Project | 1 Learning Courses | 2024-08-05 | N/A |
| The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | ||||
| CVE-2019-15776 | 1 Webcraftic | 1 Simple 301 Redirects-addon-bulk Uploader | 2024-08-05 | N/A |
| The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. | ||||
| CVE-2019-15041 | 1 Jetbrains | 1 Youtrack | 2024-08-05 | 6.1 Medium |
| JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. | ||||
| CVE-2019-14912 | 1 Prise | 1 Adas | 2024-08-05 | 6.1 Medium |
| An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie. | ||||
| CVE-2019-14882 | 1 Moodle | 1 Moodle | 2024-08-05 | 6.1 Medium |
| A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page. | ||||
| CVE-2019-14857 | 2 Openidc, Redhat | 2 Mod Auth Openidc, Enterprise Linux | 2024-08-05 | 6.1 Medium |
| A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon. | ||||
| CVE-2019-14830 | 1 Moodle | 1 Moodle | 2024-08-05 | 6.1 Medium |
| A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app"). | ||||
| CVE-2019-14831 | 1 Moodle | 1 Moodle | 2024-08-05 | 6.1 Medium |
| A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect. | ||||
| CVE-2019-14403 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). | ||||
| CVE-2019-14223 | 1 Alfresco | 1 Alfresco | 2024-08-05 | 6.1 Medium |
| An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.). | ||||
| CVE-2019-13422 | 1 Search-guard | 1 Search Guard | 2024-08-04 | N/A |
| Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. | ||||
| CVE-2019-13175 | 1 Readthedocs | 1 Read The Docs | 2024-08-04 | N/A |
| Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. This affects private instances of Read the Docs (in addition to the public readthedocs.org web sites). | ||||
| CVE-2019-13038 | 5 Canonical, Fedoraproject, Mod Auth Mellon Project and 2 more | 5 Ubuntu Linux, Fedora, Mod Auth Mellon and 2 more | 2024-08-04 | 6.1 Medium |
| mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. | ||||
| CVE-2019-12783 | 1 Verint | 1 Impact 360 | 2024-08-04 | 6.1 Medium |
| An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site. | ||||
| CVE-2019-11016 | 1 Elgg | 1 Elgg | 2024-08-04 | N/A |
| Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. | ||||
| CVE-2019-10955 | 1 Rockwellautomation | 11 Compactlogix 5370 L1, Compactlogix 5370 L1 Firmware, Compactlogix 5370 L2 and 8 more | 2024-08-04 | N/A |
| In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine. | ||||
| CVE-2019-10856 | 1 Jupyter | 1 Notebook | 2024-08-04 | N/A |
| In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. | ||||
| CVE-2019-10751 | 1 Httpie | 1 Httpie | 2024-08-04 | N/A |
| All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control. | ||||
| CVE-2019-10721 | 1 Dotnetblogengine | 1 Blogengine.net | 2024-08-04 | N/A |
| BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx. | ||||