Total
1210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6552 | 2025-06-26 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of the component Login. The manipulation of the argument redirect_url leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-25012 | 2025-06-26 | N/A | 4.3 MEDIUM | ||
| URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL. | |||||
| CVE-2025-27625 | 1 Jenkins | 1 Jenkins | 2025-06-24 | N/A | 4.3 MEDIUM |
| In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects. | |||||
| CVE-2025-50181 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
| urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. | |||||
| CVE-2025-52552 | 2025-06-23 | N/A | N/A | ||
| FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12. | |||||
| CVE-2025-36016 | 2025-06-23 | N/A | 6.8 MEDIUM | ||
| IBM Process Mining 2.0.1 IF001 and 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
| CVE-2023-6389 | 1 Abhinavsingh | 1 Wordpress Toolbar | 2025-06-20 | N/A | 6.1 MEDIUM |
| The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
| CVE-2024-22113 | 1 Anglers-net | 1 Cgi An-anlyzer | 2025-06-20 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL. | |||||
| CVE-2023-3771 | 1 T1 Project | 1 T1 | 2025-06-20 | N/A | 6.1 MEDIUM |
| The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites. | |||||
| CVE-2025-3155 | 3 Debian, Gnome, Redhat | 21 Debian Linux, Yelp, Codeready Linux Builder and 18 more | 2025-06-20 | N/A | 7.4 HIGH |
| A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. | |||||
| CVE-2025-3522 | 1 Mozilla | 1 Thunderbird | 2025-06-18 | N/A | 6.3 MEDIUM |
| Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2. | |||||
| CVE-2024-30140 | 1 Hcltech | 1 Bigfix Compliance | 2025-06-17 | N/A | 5.4 MEDIUM |
| HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page. | |||||
| CVE-2025-49868 | 2025-06-17 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.6.0. | |||||
| CVE-2024-27592 | 1 Corezoid | 1 Corezoid | 2025-06-17 | N/A | 4.3 MEDIUM |
| Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL. | |||||
| CVE-2023-26159 | 1 Follow-redirects | 1 Follow Redirects | 2025-06-17 | N/A | 7.3 HIGH |
| Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | |||||
| CVE-2024-28344 | 1 Sipwise | 1 Next Generation Communication Platform | 2025-06-17 | N/A | 3.1 LOW |
| An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL. | |||||
| CVE-2024-2465 | 1 Cdex | 1 Cdex | 2025-06-17 | N/A | 7.1 HIGH |
| Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1. | |||||
| CVE-2024-25715 | 1 Glewlwyd Sso Server Project | 1 Glewlwyd Sso Server | 2025-06-16 | N/A | 6.1 MEDIUM |
| Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. | |||||
| CVE-2024-24034 | 1 Setorinformatica | 1 S.i.l | 2025-06-16 | N/A | 6.1 MEDIUM |
| Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code. | |||||
| CVE-2025-2091 | 2025-06-16 | N/A | N/A | ||
| An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs. | |||||