Total
1058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6927 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-02-14 | N/A | 6.1 MEDIUM |
| A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134. | |||||
| CVE-2023-6291 | 1 Redhat | 8 Enterprise Linux, Keycloak, Migration Toolkit For Applications and 5 more | 2024-02-14 | N/A | 7.1 HIGH |
| A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. | |||||
| CVE-2024-24808 | 1 Pyload | 1 Pyload | 2024-02-13 | N/A | 6.1 MEDIUM |
| pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451. | |||||
| CVE-2008-2052 | 1 Bitrix24 | 1 Bitrix Site Manager | 2024-02-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter. | |||||
| CVE-2008-2951 | 2 Edgewall, Fedoraproject | 2 Trac, Fedora | 2024-02-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function. | |||||
| CVE-2021-44528 | 1 Rubyonrails | 1 Rails | 2024-02-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. | |||||
| CVE-2024-21794 | 1 Rapidscada | 1 Rapid Scada | 2024-02-07 | N/A | 5.4 MEDIUM |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. | |||||
| CVE-2023-36085 | 1 Sisqualwfm | 1 Sisqualwfm | 2024-02-05 | N/A | 6.1 MEDIUM |
| The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources. | |||||
| CVE-2023-45105 | 1 Servit | 1 Affiliate-toolkit | 2024-02-03 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9. | |||||
| CVE-2021-22942 | 1 Rubyonrails | 1 Rails | 2024-02-02 | 5.8 MEDIUM | 6.1 MEDIUM |
| A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. | |||||
| CVE-2024-22308 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-01-30 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1. | |||||
| CVE-2024-22400 | 1 Nextcloud | 1 Sso \& Saml Authentication | 2024-01-26 | N/A | 6.1 MEDIUM |
| Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue. | |||||
| CVE-2023-20263 | 1 Cisco | 1 Hyperflex Hx Data Platform | 2024-01-25 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. | |||||
| CVE-2023-50963 | 1 Ibm | 1 Storage Defender Data Protect | 2024-01-24 | N/A | 5.4 MEDIUM |
| IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101. | |||||
| CVE-2024-0319 | 1 Fireeye | 1 Hxtool | 2024-01-19 | N/A | 6.1 MEDIUM |
| Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter. | |||||
| CVE-2023-24735 | 1 Sigb | 1 Pmb | 2024-01-18 | N/A | 6.1 MEDIUM |
| PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. | |||||
| CVE-2023-49438 | 1 Flask-security-too Project | 1 Flask-security-too | 2024-01-14 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes. | |||||
| CVE-2024-21734 | 1 Sap | 1 Marketing | 2024-01-12 | N/A | 5.4 MEDIUM |
| SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application. | |||||
| CVE-2023-28786 | 1 Solidwp | 1 Solid Security | 2024-01-10 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4. | |||||
| CVE-2023-52263 | 1 Brave | 1 Browser | 2024-01-09 | N/A | 6.1 MEDIUM |
| Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. | |||||