Total
1238 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4964 | 1 Canonical | 1 Ubuntu Pipewire-pulse | 2025-06-20 | 5.5 Medium |
| Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. | ||||
| CVE-2024-22113 | 1 Anglers-net | 1 Cgi An-anlyzer | 2025-06-20 | 6.1 Medium |
| Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL. | ||||
| CVE-2023-3771 | 1 T1 Project | 1 T1 | 2025-06-20 | 6.1 Medium |
| The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites. | ||||
| CVE-2025-49868 | 2025-06-20 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.6.0. | ||||
| CVE-2024-7211 | 1 1e | 1 Platform | 2025-06-18 | 4.7 Medium |
| The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix. | ||||
| CVE-2025-3522 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2025-06-18 | 6.3 Medium |
| Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2. | ||||
| CVE-2024-0781 | 1 Martmbithi | 1 Internet Banking System | 2025-06-17 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability. | ||||
| CVE-2023-50963 | 1 Ibm | 1 Storage Defender Data Protect | 2025-06-17 | 6.5 Medium |
| IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101. | ||||
| CVE-2024-22400 | 1 Nextcloud | 1 Sso \& Saml Authentication | 2025-06-17 | 3.1 Low |
| Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue. | ||||
| CVE-2024-30140 | 1 Hcltech | 1 Bigfix Compliance | 2025-06-17 | 5.4 Medium |
| HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page. | ||||
| CVE-2024-27592 | 1 Corezoid | 1 Corezoid | 2025-06-17 | 4.3 Medium |
| Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL. | ||||
| CVE-2024-22308 | 1 Simple-membership-plugin | 1 Simple Membership | 2025-06-17 | 3.4 Low |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1. | ||||
| CVE-2023-26159 | 2 Follow-redirects, Redhat | 14 Follow Redirects, Acm, Cluster Observability Operator and 11 more | 2025-06-17 | 7.3 High |
| Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | ||||
| CVE-2024-28344 | 1 Sipwise | 1 Next Generation Communication Platform | 2025-06-17 | 3.1 Low |
| An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL. | ||||
| CVE-2024-2465 | 1 Cdex | 1 Cdex | 2025-06-17 | 7.1 High |
| Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1. | ||||
| CVE-2024-25715 | 1 Glewlwyd Sso Server Project | 1 Glewlwyd Sso Server | 2025-06-16 | 6.1 Medium |
| Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. | ||||
| CVE-2024-24034 | 1 Setorinformatica | 1 S.i.l | 2025-06-16 | 6.1 Medium |
| Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code. | ||||
| CVE-2024-21794 | 1 Rapidscada | 1 Rapid Scada | 2025-06-16 | 5.4 Medium |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. | ||||
| CVE-2025-6089 | 2025-06-16 | 4.3 Medium | ||
| A vulnerability has been found in Astun Technology iShare Maps 5.4.0 and classified as problematic. This vulnerability affects unknown code of the file atCheckJS.aspx. The manipulation of the argument ref leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2091 | 2025-06-16 | N/A | ||
| An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs. | ||||