ReportizFlow
Filtered by vendor
Subscriptions
Total
1474 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56971 | 2026-04-15 | 6.5 Medium | ||
| An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56968 | 2026-04-15 | 6.5 Medium | ||
| An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload. | ||||
| CVE-2024-37234 | 2026-04-15 | 3.5 Low | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4. | ||||
| CVE-2024-46886 | 2026-04-15 | 4.7 Medium | ||
| The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. | ||||
| CVE-2024-51132 | 2 Fhir, Redhat | 3 Hapi Fhir, Apache Camel Spring Boot, Camel Quarkus | 2026-04-15 | 9.8 Critical |
| An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities. | ||||
| CVE-2025-4513 | 1 Moodle | 1 Moodle | 2026-04-15 | 4.3 Medium |
| A vulnerability classified as problematic was found in Catalyst User Key Authentication Plugin 20220819 on Moodle. Affected by this vulnerability is an unknown functionality of the file /auth/userkey/logout.php of the component Logout. The manipulation of the argument return leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-24868 | 2026-04-15 | 7.1 High | ||
| The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirect URL validation. On successful exploitation attacker can cause limited impact on confidentiality, integrity, and availability of the system. | ||||
| CVE-2024-4882 | 2026-04-15 | N/A | ||
| The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions. | ||||
| CVE-2024-56969 | 2026-04-15 | 6.5 Medium | ||
| An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56962 | 2026-04-15 | 6.5 Medium | ||
| An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56959 | 2026-04-15 | 6.5 Medium | ||
| An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2025-20317 | 1 Cisco | 3 Integrated Management Controller, Ucs Manager, Virtual Keyboard Video Monitor | 2026-04-15 | 7.1 High |
| A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials. Note: The affected vKVM client is also included in Cisco UCS Manager. | ||||
| CVE-2024-46326 | 1 Pkp | 1 Pkb-lib | 2026-04-15 | 6.1 Medium |
| Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function. | ||||
| CVE-2025-6023 | 1 Grafana | 1 Grafana | 2026-04-15 | 7.6 High |
| An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01 | ||||
| CVE-2024-28287 | 2026-04-15 | 7.3 High | ||
| A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL. | ||||
| CVE-2024-54728 | 2026-04-15 | 6.5 Medium | ||
| Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs. | ||||
| CVE-2024-2419 | 1 Redhat | 1 Build Keycloak | 2026-04-15 | 7.1 High |
| A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291. | ||||
| CVE-2024-22243 | 1 Redhat | 1 Jboss Fuse | 2026-04-15 | 8.1 High |
| Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. | ||||
| CVE-2024-56951 | 2026-04-15 | 6.5 Medium | ||
| An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56972 | 2026-04-15 | 6.5 Medium | ||
| An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link. | ||||