Total: 1058 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-6389 | 1 Abhinavsingh | 1 Wordpress Toolbar | 2025-06-20 | N/A | 6.1 MEDIUM |
The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
CVE-2024-22113 | 1 Anglers-net | 1 Cgi An-anlyzer | 2025-06-20 | N/A | 6.1 MEDIUM |
Open redirect vulnerability in Access analysis CGI An-Analyzer released on 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL. | |||||
CVE-2023-3771 | 1 T1 Project | 1 T1 | 2025-06-20 | N/A | 6.1 MEDIUM |
The T1 WordPress theme through 19.0 is vulnerable to an unauthenticated open redirect, which allows any attacker to redirect users to arbitrary websites. | |||||
CVE-2025-50181 | | | 2025-06-19 | N/A | N/A |
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. | |||||
CVE-2025-49868 | | | 2025-06-17 | N/A | N/A |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.6.0. | |||||
CVE-2023-26159 | 1 Follow-redirects | 1 Follow Redirects | 2025-06-17 | N/A | 6.1 MEDIUM |
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | |||||
CVE-2024-25715 | 1 Glewlwyd Sso Server Project | 1 Glewlwyd Sso Server | 2025-06-16 | N/A | 6.1 MEDIUM |
Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. | |||||
CVE-2024-24034 | 1 Setorinformatica | 1 S.i.l | 2025-06-16 | N/A | 6.1 MEDIUM |
Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, which allows remote attackers to execute arbitrary code. | |||||
CVE-2025-6089 | | | 2025-06-15 | N/A | 4.3 MEDIUM |
A vulnerability has been found in Astun Technology iShare Maps 5.4.0 and classified as problematic. This vulnerability affects unknown code of the file atCheckJS.aspx. The manipulation of the argument ref leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-6690 | 1 Wp-buy | 1 Wp Content Copy Protection & No Right Click | 2025-06-11 | N/A | N/A |
The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites. | |||||
CVE-2025-26394 | | | 2025-06-10 | N/A | 4.8 MEDIUM |
SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | |||||
CVE-2025-30954 | | | 2025-06-06 | N/A | N/A |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin allows Phishing. This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through 1.1.0. | |||||
CVE-2025-30953 | | | 2025-06-06 | N/A | N/A |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce allows Phishing. This issue affects WP Gravity Forms Salesforce: from n/a through 1.4.7. | |||||
CVE-2025-49325 | | | 2025-06-06 | N/A | N/A |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Automattic Newspack Newsletters allows Phishing. This issue affects Newspack Newsletters: from n/a through 3.13.0. | |||||
CVE-2024-21728 | 1 Smartcalc | 1 Osticky | 2025-06-04 | N/A | N/A |
An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla frontend integration with osTicket, a popular support ticket system. The Open Redirect vulnerability allows attackers to control the return parameter in the URL, setting it to a base64-encoded malicious URL. | |||||
CVE-2024-27184 | 1 Joomla | 1 Joomla! | 2025-06-04 | N/A | N/A |
Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not. | |||||
CVE-2025-48936 | 1 Zitadel | 1 Zitadel | 2025-06-04 | N/A | 8.8 HIGH |
Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. If an attacker can manipulate these headers (e.g., via host header injection), they could cause ZITADEL to generate a password reset link pointing to a malicious domain controlled by the attacker. If the user clicks this manipulated link in the email, the secret reset code embedded in the URL can be captured by the attacker. This captured code could then be used to reset the user's password and gain unauthorized access to their account. This specific attack vector is mitigated for accounts that have Multi-Factor Authentication (MFA) or Passwordless authentication enabled. This issue has been patched in versions 2.70.12, 2.71.10, and 3.2.2. | |||||
CVE-2025-5183 | 1 Summerpearlgroup | 1 Vacation Rental Management Platform | 2025-06-03 | N/A | 4.7 MEDIUM |
A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as problematic. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument Host leads to open redirect. The attack may be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2023-50345 | 1 Hcltech | 1 Dryice Myxalytics | 2025-06-03 | N/A | 6.1 MEDIUM |
HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. | |||||
CVE-2023-49394 | 1 Easycorp | 1 Zentao | 2025-06-03 | N/A | 6.1 MEDIUM |
Zentao versions 4.1.3 and before have a URL redirect vulnerability, which prevents the system from functioning properly. | |||||