Total
1047 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29204 | 1 Xwiki | 1 Xwiki | 2024-08-02 | 4.7 Medium |
| XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1. | ||||
| CVE-2023-28874 | 1 Seafile | 1 Seafile | 2024-08-02 | 6.1 Medium |
| The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. | ||||
| CVE-2023-28628 | 1 Lambdaisland | 1 Uri | 2024-08-02 | 5.4 Medium |
| lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 `authority-regex` allows an attacker to send malicious URLs to be parsed by the `lambdaisland/uri` and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in question doesn't handle the backslash (`\`) character in the username correctly, leading to a wrong output. ex. a payload of `https://example.com\\@google.com` would return that the host is `google.com`, but the correct host should be `example.com`. Given that the library returns the wrong authority this may be abused to bypass host restrictions depending on how the library is used in an application. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-28370 | 2 Redhat, Tornadoweb | 2 Enterprise Linux, Tornado | 2024-08-02 | 6.1 Medium |
| Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. | ||||
| CVE-2023-28364 | 1 Brave | 1 Browser | 2024-08-02 | 6.1 Medium |
| An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. | ||||
| CVE-2023-28069 | 1 Dell | 1 Streaming Data Platform | 2024-08-02 | 6.1 Medium |
| Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks. | ||||
| CVE-2023-27292 | 1 Opencats | 1 Opencats | 2024-08-02 | 5.4 Medium |
| An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. | ||||
| CVE-2023-26494 | 1 Thethingsnetwork | 1 Lorawan-stack | 2024-08-02 | 6.1 Medium |
| lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix. | ||||
| CVE-2023-26159 | 2 Follow-redirects, Redhat | 13 Follow Redirects, Acm, Container Native Virtualization and 10 more | 2024-08-02 | 7.3 High |
| Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | ||||
| CVE-2023-25829 | 1 Esri | 1 Portal For Arcgis | 2024-08-02 | 6.1 Medium |
| There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | ||||
| CVE-2023-24044 | 1 Plesk | 1 Obsidian | 2024-08-02 | 6.1 Medium |
| A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." | ||||
| CVE-2023-24935 | 1 Microsoft | 1 Edge Chromium | 2024-08-02 | 6.1 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2023-24892 | 1 Microsoft | 1 Edge Chromium | 2024-08-02 | 8.2 High |
| Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | ||||
| CVE-2023-24735 | 1 Sigb | 1 Pmb | 2024-08-02 | 6.1 Medium |
| PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. | ||||
| CVE-2023-24445 | 1 Jenkins | 1 Openid | 2024-08-02 | 6.1 Medium |
| Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. | ||||
| CVE-2023-24030 | 1 Zimbra | 1 Collaboration | 2024-08-02 | 6.1 Medium |
| An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807. | ||||
| CVE-2023-23860 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-02 | 6.1 Medium |
| SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. | ||||
| CVE-2023-23853 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-02 | 6.1 Medium |
| An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability. | ||||
| CVE-2023-23855 | 1 Sap | 1 Solution Manager | 2024-08-02 | 6.5 Medium |
| SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability. | ||||
| CVE-2023-23395 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-08-02 | 3.1 Low |
| Microsoft SharePoint Server Spoofing Vulnerability | ||||