Total: 1047 CVEs
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2024-9329 | 2 Eclipse, Eclipse Foundation | 2 Glassfish, Glassfish | 2024-10-07 | 6.1 Medium | In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. |
| CVE-2024-47530 | 1 Clinical-genomics | 1 Scout | 2024-10-04 | 5.4 Medium | Scout is a web-based visualizer for VCF files. An open redirect vulnerability allows performing phishing attacks on users by redirecting them to a malicious page. The /login API endpoint is vulnerable to an open redirect attack via the next parameter due to the absence of sanitization logic. Additionally, due to the lack of scheme validation, an HTTPS downgrade attack can be performed on users. This vulnerability is fixed in 4.89. |
| CVE-2024-9266 | | | 2024-10-04 | 4.7 Medium | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0. |
| CVE-2022-44215 | 1 Southrivertech | 1 Titan Ftp Server | 2024-10-03 | 6.1 Medium | There is an open redirect vulnerability in Titan FTP Server 19.0 and below. Users are redirected to any target URL. |
| CVE-2023-1279 | 1 Gitlab | 1 Gitlab | 2024-10-03 | 2.6 Low | An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, and all versions starting from 16.3 before 16.3.1, where it was possible to create a URL that would redirect to a different project. |
| CVE-2023-39968 | 1 Jupyter | 1 Jupyter Server | 2024-09-30 | 4.3 Medium | jupyter-server is the backend for Jupyter web applications. Open redirect vulnerability. Maliciously crafted login links to known Jupyter Servers can cause a successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259`, which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| CVE-2023-38574 | 1 I-pro | 1 Video Insight | 2024-09-30 | 6.1 Medium | Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. |
| CVE-2024-45979 | 1 Lpc | 1 Lines Police Cad | 2024-09-30 | 8.8 High | A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts. |
| CVE-2024-45981 | 1 Bookreviewlibrary | 1 Bookreviewlibrary | 2024-09-30 | 8.8 High | A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. |
| CVE-2024-46331 | 1 Modstart | 1 Modstartcms | 2024-09-30 | 7.2 High | ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website via a crafted URL. |
| CVE-2023-41080 | 3 Apache, Debian, Redhat | 7 Tomcat, Debian Linux, Amq Broker and 4 more | 2024-09-27 | 6.1 Medium | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. |
| CVE-2024-8761 | 2 Share This Image Project, Wp-unit | 2 Share This Image, Share This Image | 2024-09-27 | 7.2 High | The Share This Image plugin for WordPress is vulnerable to open redirect in all versions up to, and including, 2.03. This is due to insufficient validation of the redirect URL supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. |
| CVE-2023-39371 | 1 Startrinity | 1 Softswitch | 2024-09-27 | 8.8 High | StarTrinity Softswitch version 2023-02-16 - Open Redirect (CWE-601) |
| CVE-2023-41609 | 1 Couchcms | 1 Couchcms | 2024-09-26 | 6.1 Medium | An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. |
| CVE-2024-34065 | 1 Strapi | 1 Strapi | 2024-09-26 | 7.1 High | Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, it is possible for an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd-party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage the two vulnerabilities to obtain a 3rd-party token and bypass the authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch. |
| CVE-2023-40306 | 1 Sap | 1 S\/4hana | 2024-09-25 | 6.1 Medium | SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity. |
| CVE-2024-8897 | 2 Google, Mozilla | 2 Android, Firefox | 2024-09-25 | 6.1 Medium | Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site may be able to spoof the address bar contents. This can lead to a malicious site appearing to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1. |
| CVE-2023-40779 | 1 Icewarp | 1 Deep Castle G2 | 2024-09-25 | 6.1 Medium | An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. |
| CVE-2022-27861 | 1 Arscode | 1 Ninja Popups | 2024-09-25 | 4.7 Medium | Unauthenticated open redirect vulnerability in the Arscode Ninja Popups plugin, versions <= 4.7.5. |
| CVE-2023-23957 | 1 Symantec | 1 Identity Portal | 2024-09-25 | 5.4 Medium | An authenticated user can see and modify the value of the 'next' query parameter in Symantec Identity Portal 14.4. |