Total
1047 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24808 | 1 Pyload | 1 Pyload | 2024-08-01 | 4.7 Medium |
| pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451. | ||||
| CVE-2024-24763 | 2024-08-01 | 4.3 Medium | ||
| JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No known workarounds are available. | ||||
| CVE-2024-24291 | 1 Yzmcms | 1 Yzmcms | 2024-08-01 | 6.1 Medium |
| An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. | ||||
| CVE-2024-23664 | 2024-08-01 | 5.8 Medium | ||
| A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL. | ||||
| CVE-2024-22400 | 1 Nextcloud | 1 Sso \& Saml Authentication | 2024-08-01 | 3.1 Low |
| Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue. | ||||
| CVE-2024-22308 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-08-01 | 3.4 Low |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1. | ||||
| CVE-2024-22244 | 2024-08-01 | 4.3 Medium | ||
| Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. | ||||
| CVE-2024-22113 | 1 Anglers-net | 1 Cgi An-anlyzer | 2024-08-01 | 6.1 Medium |
| Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL. | ||||
| CVE-2024-21794 | 1 Rapidscada | 1 Rapid Scada | 2024-08-01 | 5.4 Medium |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. | ||||
| CVE-2024-21641 | 1 Flarum | 1 Flarum | 2024-08-01 | 7.5 High |
| Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe. | ||||
| CVE-2024-20369 | 2024-08-01 | 4.7 Medium | ||
| A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. | ||||
| CVE-2024-20400 | 2024-08-01 | 4.7 Medium | ||
| A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. | ||||
| CVE-2024-6289 | 1 Wpserveur | 1 Wps Hide Login | 2024-08-01 | 6.1 Medium |
| The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. | ||||
| CVE-2024-5936 | 2024-08-01 | N/A | ||
| An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerability includes potential phishing attacks, malware distribution, and credential theft. | ||||
| CVE-2024-5492 | 2024-08-01 | N/A | ||
| Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway | ||||
| CVE-2024-4940 | 2024-08-01 | N/A | ||
| An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others. This issue is due to improper validation of user-supplied input in the handling of URLs. Attackers can exploit this vulnerability by crafting a malicious URL that, when processed by the application, redirects the user to an attacker-controlled web page. | ||||
| CVE-2024-4882 | 2024-08-01 | N/A | ||
| The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions. | ||||
| CVE-2024-4773 | 2024-08-01 | 7.5 High | ||
| When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126. | ||||
| CVE-2024-4704 | 1 Rocklobster | 1 Contact Form 7 | 2024-08-01 | 6.1 Medium |
| The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. | ||||
| CVE-2024-4604 | 2024-08-01 | 6.1 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO (Single Sign On) allows Manipulating Hidden Fields.This issue affects SSO (Single Sign On): from 1.0 before 1.1. | ||||