Total
1173 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40852 | 1 Tcman | 1 Gim | 2024-11-21 | 6.1 Medium |
| TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information. | ||||
| CVE-2021-3989 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 6.1 Medium |
| showdoc is vulnerable to URL Redirection to Untrusted Site | ||||
| CVE-2021-3851 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 5.4 Medium |
| firefly-iii is vulnerable to URL Redirection to Untrusted Site | ||||
| CVE-2021-3829 | 1 Openwhyd | 1 Openwhyd | 2024-11-21 | 6.1 Medium |
| openwhyd is vulnerable to URL Redirection to Untrusted Site | ||||
| CVE-2021-3664 | 1 Url-parse Project | 1 Url-parse | 2024-11-21 | 5.3 Medium |
| url-parse is vulnerable to URL Redirection to Untrusted Site | ||||
| CVE-2021-3654 | 2 Openstack, Redhat | 3 Nova, Openstack, Openstack Platform | 2024-11-21 | 6.1 Medium |
| A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. | ||||
| CVE-2021-3647 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 6.1 Medium |
| URI.js is vulnerable to URL Redirection to Untrusted Site | ||||
| CVE-2021-3639 | 2 Redhat, Uninett | 2 Enterprise Linux, Mod Auth Mellon | 2024-11-21 | 6.1 Medium |
| A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity. | ||||
| CVE-2021-3189 | 1 Google | 1 Slashify | 2024-11-21 | 6.1 Medium |
| The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. | ||||
| CVE-2021-39501 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.1 Medium |
| EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function. | ||||
| CVE-2021-39425 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 6.1 Medium |
| SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | ||||
| CVE-2021-39191 | 4 Debian, Fedoraproject, Openidc and 1 more | 4 Debian Linux, Fedora, Mod Auth Openidc and 1 more | 2024-11-21 | 4.7 Medium |
| mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. | ||||
| CVE-2021-39112 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 4.8 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1. | ||||
| CVE-2021-38678 | 1 Qnap | 1 Qcalagent | 2024-11-21 | 6.1 Medium |
| An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later | ||||
| CVE-2021-38343 | 1 Kylephillips | 1 Nested Pages | 2024-11-21 | 4.7 Medium |
| The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions. | ||||
| CVE-2021-38123 | 1 Microfocus | 1 Network Automation | 2024-11-21 | 6.1 Medium |
| Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication. | ||||
| CVE-2021-37746 | 3 Claws-mail, Fedoraproject, Sylpheed Project | 3 Claws-mail, Fedora, Sylpheed | 2024-11-21 | 6.1 Medium |
| textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. | ||||
| CVE-2021-37699 | 1 Vercel | 1 Next.js | 2024-11-21 | 6.9 Medium |
| Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0. | ||||
| CVE-2021-37352 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium |
| An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link. | ||||
| CVE-2021-36580 | 1 Icewarp | 2 Icewarp Server, Mail Server | 2024-11-21 | 6.1 Medium |
| Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. | ||||