Total: 1062 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-31135 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.1 Medium | In JetBrains TeamCity before 2024.03, an open redirect was possible on the login page.
CVE-2024-2465 | | | 2024-11-21 | 7.1 High | An open redirection vulnerability in the CDeX application allows redirecting users to arbitrary websites via a specially crafted URL. This issue affects CDeX application versions through 5.7.1.
CVE-2024-29041 | 1 Redhat | 5 Apicurio Registry, Network Observ Optr, Openshift Data Foundation and 2 more | 2024-11-21 | 6.1 Medium | Express.js is a minimalist web framework for Node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an open redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.
CVE-2024-28344 | | | 2024-11-21 | 3.1 Low | An open redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The open redirect vulnerability allows attackers to control the "back" parameter in the URL through a double-encoded URL.
CVE-2024-28287 | | | 2024-11-21 | 7.3 High | A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL.
CVE-2024-28239 | | | 2024-11-21 | 5.4 Medium | Directus is a real-time API and app dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There is a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. While credentials do not seem to be passed to the attacker site, the user can be phished into clicking a legitimate Directus site and be taken to a malicious site made to look like an error message ("Your password needs to be updated") to phish out the current password. Users who log in via OAuth2 into Directus may be at risk. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-28113 | | | 2024-11-21 | 3.5 Low | Peering Manager is a BGP session management tool. In Peering Manager <=1.8.2, it is possible to redirect users to an arbitrary page using a crafted URL. As a result, users can be redirected to an unexpected location. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-28076 | | | 2024-11-21 | 7 High | The SolarWinds Platform was susceptible to an arbitrary open redirection vulnerability. A potential attacker can redirect to a different domain when using a URL parameter with a relative entry in the correct format.
CVE-2024-27592 | | | 2024-11-21 | 4.3 Medium | An open redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites by appending a crafted link to /login/ in the login page URL.
CVE-2024-27291 | | | 2024-11-21 | 6.1 Medium | Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch.
CVE-2024-26504 | 1 Wifire | 1 Hotspot | 2024-11-21 | 8.8 High | An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter.
CVE-2024-25715 | 1 Glewlwyd Sso Server Project | 1 Glewlwyd Sso Server | 2024-11-21 | 6.1 Medium | Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.
CVE-2024-25676 | 1 Viewerjs | 1 Viewerjs | 2024-11-21 | 4.7 Medium | An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL tags without properly sanitizing it. This leads to both open redirection and out-of-band resource loading.
CVE-2024-25657 | | | 2024-11-21 | 5.4 Medium | An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites.
CVE-2024-25559 | | | 2024-11-21 | 4.7 Medium | A URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
CVE-2024-24808 | 1 Pyload | 1 Pyload | 2024-11-21 | 4.7 Medium | pyLoad is an open-source download manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad validates URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.
CVE-2024-24764 | 1 Octobercms | 1 October | 2024-11-21 | 3.5 Low | October is a self-hosted CMS platform based on the Laravel PHP framework. This issue affects authenticated administrators, who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15.
CVE-2024-24291 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.1 Medium | An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL.
CVE-2024-24034 | 1 Setorinformatica | 1 S.i.l | 2024-11-21 | 6.1 Medium | Setor Informatica S.I.L version 3.0 is vulnerable to open redirect via the hprinter parameter, which allows remote attackers to execute arbitrary code.
CVE-2024-23664 | | | 2024-11-21 | 5.8 Medium | A URL redirection to an untrusted site ('open redirect') vulnerability in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, and version 6.4.9 and below may allow an attacker to redirect users to an arbitrary website via a crafted URL.