Total
1170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2465 | 2024-11-21 | 7.1 High | ||
| Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1. | ||||
| CVE-2024-29041 | 1 Redhat | 6 Apicurio Registry, Network Observ Optr, Openshift Data Foundation and 3 more | 2024-11-21 | 6.1 Medium |
| Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3. | ||||
| CVE-2024-28344 | 2024-11-21 | 3.1 Low | ||
| An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL. | ||||
| CVE-2024-28287 | 2024-11-21 | 7.3 High | ||
| A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL. | ||||
| CVE-2024-27592 | 2024-11-21 | 4.3 Medium | ||
| Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL. | ||||
| CVE-2024-27291 | 2024-11-21 | 6.1 Medium | ||
| Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch. | ||||
| CVE-2024-26504 | 1 Wifire | 1 Hotspot | 2024-11-21 | 8.8 High |
| An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. | ||||
| CVE-2024-25715 | 1 Glewlwyd Sso Server Project | 1 Glewlwyd Sso Server | 2024-11-21 | 6.1 Medium |
| Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. | ||||
| CVE-2024-25676 | 1 Viewerjs | 1 Viewerjs | 2024-11-21 | 4.7 Medium |
| An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading. | ||||
| CVE-2024-25657 | 2024-11-21 | 5.4 Medium | ||
| An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites. | ||||
| CVE-2024-24764 | 1 Octobercms | 1 October | 2024-11-21 | 3.5 Low |
| October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15. | ||||
| CVE-2024-24034 | 1 Setorinformatica | 1 S.i.l | 2024-11-21 | 6.1 Medium |
| Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code. | ||||
| CVE-2024-23442 | 1 Elastic | 1 Kibana | 2024-11-21 | 6.1 Medium |
| An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | ||||
| CVE-2024-22400 | 1 Nextcloud | 1 Sso \& Saml Authentication | 2024-11-21 | 3.1 Low |
| Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue. | ||||
| CVE-2024-22308 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-11-21 | 3.4 Low |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1. | ||||
| CVE-2024-22248 | 2024-11-21 | 7.1 High | ||
| VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | ||||
| CVE-2024-22113 | 1 Anglers-net | 1 Cgi An-anlyzer | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL. | ||||
| CVE-2024-21794 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | 5.4 Medium |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. | ||||
| CVE-2024-21734 | 1 Sap | 1 Marketing | 2024-11-21 | 3.7 Low |
| SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application. | ||||
| CVE-2024-21684 | 2024-11-21 | N/A | ||
| There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to the version. If you are unable to do so, upgrade your instance to one of the supported fixed versions. | ||||