ReportizFlow
Filtered by vendor
Subscriptions
Total
1471 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30859 | 2026-04-23 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in guru-aliexpress AliNext ali2woo-lite allows Phishing.This issue affects AliNext: from n/a through <= 3.5.1. | ||||
| CVE-2025-30795 | 2026-04-23 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows Phishing.This issue affects FunnelKit Automations: from n/a through <= 3.5.1. | ||||
| CVE-2025-28896 | 2026-04-23 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin as-english-admin allows Phishing.This issue affects AS English Admin: from n/a through <= 1.0.0. | ||||
| CVE-2026-40096 | 2 Futo, Immich-app | 2 Immich, Immich | 2026-04-23 | 5.4 Medium |
| immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a <meta> tag in api.service.ts. A registered attacker can create a shared album with a crafted name containing 0;url=https://attackersite.com" http-equiv="refresh, which when rendered in the <meta property="og:title"> tag causes the victim's browser to redirect to an attacker-controlled site upon opening the share link. This facilitates phishing attacks, as the attacker could host a modified version of immich that collects login credentials from victims who believe they need to authenticate to view the shared album. This issue has been fixed in version 2.7.3. | ||||
| CVE-2025-24741 | 1 Logon | 1 Kb Support | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in LOGON KB Support kb-support.This issue affects KB Support: from n/a through <= 1.6.7. | ||||
| CVE-2025-24740 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress learnpress.This issue affects LearnPress: from n/a through <= 4.2.7.1. | ||||
| CVE-2024-54255 | 2026-04-23 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode login-sidebar-widget allows Phishing.This issue affects Login Widget With Shortcode: from n/a through <= 6.1.2. | ||||
| CVE-2024-50463 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.9. | ||||
| CVE-2024-49682 | 1 Simple-membership-plugin | 1 Simple Membership | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing.This issue affects Simple Membership: from n/a through <= 4.5.3. | ||||
| CVE-2024-47648 | 1 Theeventprime | 1 Eventprime | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management.This issue affects EventPrime: from n/a through <= 4.0.4.5. | ||||
| CVE-2024-47646 | 2026-04-23 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in tomlister Payflex Payment Gateway payflex-payment-gateway.This issue affects Payflex Payment Gateway: from n/a through <= 2.6.1. | ||||
| CVE-2024-47354 | 2026-04-23 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership After Login Redirection simple-membership-after-login-redirection.This issue affects Simple Membership After Login Redirection: from n/a through <= 1.6. | ||||
| CVE-2024-47353 | 1 Quomodosoft | 1 Elementsready | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2. | ||||
| CVE-2008-2052 | 1 Bitrix24 | 1 Bitrix Site Manager | 2026-04-23 | 6.1 Medium |
| Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter. | ||||
| CVE-2008-1547 | 1 Microsoft | 1 Exchange Server | 2026-04-23 | N/A |
| Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. | ||||
| CVE-2009-3832 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2026-04-23 | N/A |
| Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. | ||||
| CVE-2008-2951 | 2 Edgewall, Fedoraproject | 2 Trac, Fedora | 2026-04-23 | 6.1 Medium |
| Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function. | ||||
| CVE-2026-28106 | 2 Kings Plugins, Wordpress | 2 B2bking Premium, Wordpress | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing Premium allows Phishing.This issue affects B2BKing Premium: from n/a before 5.4.20. | ||||
| CVE-2026-40905 | 1 Kovah | 1 Linkace | 2026-04-23 | 8.1 High |
| LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host header when generating password reset URLs. By manipulating this header during a password reset request, an attacker can inject an attacker-controlled domain into the reset link sent via email. As a result, the victim receives a password reset email containing a malicious link pointing to an attacker-controlled domain. When the victim clicks the link, the password reset token is transmitted to the attacker-controlled server. An attacker can capture this token and use it to reset the victim’s password, leading to full account takeover. This vulnerability is fixed in 2.5.4. | ||||
| CVE-2026-41126 | 1 Bigbluebutton | 1 Bigbluebutton | 2026-04-22 | 4.3 Medium |
| BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds are available. | ||||