Total
1281 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5977 | 1 Ibm | 1 Tealeaf Customer Experience | 2025-04-12 | 4.9 MEDIUM | 6.8 MEDIUM |
| Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2016-3047 | 1 Ibm | 1 Filenet Workplace | 2025-04-12 | 4.9 MEDIUM | 6.8 MEDIUM |
| Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2016-4604 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 5.8 MEDIUM | 5.4 MEDIUM |
| Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. | |||||
| CVE-2016-6657 | 1 Pivotal Software | 2 Cloud Foundry Elastic Runtime, Cloud Foundry Ops Manager | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
| An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later. | |||||
| CVE-2016-0204 | 1 Ibm | 1 Cloud Orchestrator | 2025-04-12 | 5.8 MEDIUM | 6.8 MEDIUM |
| Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2016-5385 | 8 Debian, Drupal, Fedoraproject and 5 more | 14 Debian Linux, Drupal, Fedora and 11 more | 2025-04-12 | 5.1 MEDIUM | 8.1 HIGH |
| PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. | |||||
| CVE-2015-5354 | 1 Novius-os | 1 Novius Os | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login. | |||||
| CVE-2016-0928 | 1 Pivotal | 1 Cloud Foundry Elastic Runtime | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
| Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2024-43280 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-11 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1. | |||||
| CVE-2024-8148 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | N/A | 6.1 MEDIUM |
| There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | |||||
| CVE-2024-38037 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | N/A | 6.1 MEDIUM |
| There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | |||||
| CVE-2022-3614 | 1 Octopus | 1 Octopus Server | 2025-04-10 | N/A | 6.1 MEDIUM |
| In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation. | |||||
| CVE-2025-32693 | 2025-04-09 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress allows Phishing. This issue affects WebinarPress: from n/a through 1.33.27. | |||||
| CVE-2025-32694 | 2025-04-09 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Rustaurius Ultimate WP Mail allows Phishing. This issue affects Ultimate WP Mail: from n/a through 1.3.2. | |||||
| CVE-2008-1547 | 1 Microsoft | 1 Exchange Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. | |||||
| CVE-2009-3832 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2025-04-09 | 5.8 MEDIUM | N/A |
| Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. | |||||
| CVE-2008-2052 | 1 Bitrix24 | 1 Bitrix Site Manager | 2025-04-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter. | |||||
| CVE-2008-2951 | 2 Edgewall, Fedoraproject | 2 Trac, Fedora | 2025-04-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function. | |||||
| CVE-2025-3433 | 2025-04-08 | N/A | 6.1 MEDIUM | ||
| The Advanced Advertising System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1. This is due to insufficient validation on the redirect url supplied via the 'redir' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
| CVE-2024-31253 | 1 Wp-oauth | 1 Wp Oauth Server | 2025-04-08 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3. | |||||