Total
1246 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2260 | 1 Opera | 1 Opera Browser | 2025-04-03 | N/A |
| Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute. | ||||
| CVE-2005-1475 | 1 Opera | 1 Opera Browser | 2025-04-03 | N/A |
| The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. | ||||
| CVE-2023-24044 | 1 Plesk | 1 Obsidian | 2025-04-02 | 6.1 Medium |
| A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." | ||||
| CVE-2023-24445 | 1 Jenkins | 1 Openid | 2025-04-02 | 6.1 Medium |
| Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. | ||||
| CVE-2025-2980 | 2025-04-01 | 3.5 Low | ||
| A vulnerability classified as problematic was found in Legrand SMS PowerView 1.x. This vulnerability affects unknown code. The manipulation of the argument redirect leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3027 | 2025-04-01 | N/A | ||
| The vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the service, the server fails to find the requested file and redirects to an external page. This vulnerability could allow users to be redirected to potentially malicious external sites, which can be exploited for phishing or other social engineering attacks. | ||||
| CVE-2025-31871 | 2025-04-01 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Galaxy Weblinks WP Clone any post type allows Phishing. This issue affects WP Clone any post type: from n/a through 3.4. | ||||
| CVE-2024-57241 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.5 Medium |
| Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection. | ||||
| CVE-2024-49682 | 1 Simple-membership-plugin | 1 Simple Membership | 2025-03-31 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership allows Phishing.This issue affects Simple Membership: from n/a through 4.5.3. | ||||
| CVE-2025-27424 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-03-28 | 4.3 Medium |
| Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136. | ||||
| CVE-2022-44718 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | 3.5 Low |
| An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. | ||||
| CVE-2022-44717 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | 3.1 Low |
| An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. | ||||
| CVE-2025-30885 | 2025-03-27 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Form – Contact Form Plugin allows Phishing. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.18.0. | ||||
| CVE-2025-30884 | 2025-03-27 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Integrations allows Phishing. This issue affects Bit Integrations: from n/a through 2.4.10. | ||||
| CVE-2025-30859 | 2025-03-27 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ali2woo AliNext allows Phishing. This issue affects AliNext: from n/a through 3.5.1. | ||||
| CVE-2025-30795 | 2025-03-27 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.5.1. | ||||
| CVE-2025-30781 | 2025-03-27 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce allows Phishing. This issue affects Scheduled & Automatic Order Status Controller for WooCommerce: from n/a through 3.7.1. | ||||
| CVE-2025-1488 | 1 Wpo365 | 1 Microsoft 365 Graph Mailer | 2025-03-27 | 4.7 Medium |
| The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect url supplied via the 'redirect_to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if 1. they can successfully trick them into performing an action and 2. the plugin is activated but not configured. | ||||
| CVE-2024-0250 | 1 Deconf | 1 Analytics Insights | 2025-03-26 | 6.1 Medium |
| The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | ||||
| CVE-2022-28923 | 1 Caddyserver | 1 Caddy | 2025-03-26 | 6.1 Medium |
| Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. | ||||