Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-24808

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-06 Feb, 2024 | 03:17
Updated At-09 May, 2025 | 16:31
Rejected At-
Credits

pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:06 Feb, 2024 | 03:17
Updated At:09 May, 2025 | 16:31
Rejected At:
▼CVE Numbering Authority (CNA)
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.

Affected Products
Vendor
pyload
Product
pyload
Versions
Affected
  • <= 0.4.20
Problem Types
TypeCWE IDDescription
CWECWE-601CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-601
Description: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5
x_refsource_CONFIRM
https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd
x_refsource_MISC
Hyperlink: https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5
x_refsource_CONFIRM
x_transferred
https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:06 Feb, 2024 | 04:15
Updated At:13 Feb, 2024 | 22:48

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Secondary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CPE Matches

pyload
pyload
>>pyload>>Versions up to 0.5.0(inclusive)
cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-601Primarysecurity-advisories@github.com
CWE ID: CWE-601
Type: Primary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccdsecurity-advisories@github.com
Patch
https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5security-advisories@github.com
Exploit
Vendor Advisory
Hyperlink: https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

672Records found

CVE-2024-1240
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.6||MEDIUM
EPSS-0.09% / 26.89%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 10:57
Updated-19 Nov, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirection in pyload/pyload

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.

Action-Not Available
Vendor-pyloadpyloadpayload
Product-pyloadpyload/pyloadpayload
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-0057
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-3.1||LOW
EPSS-0.24% / 46.44%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Restriction of Rendered UI Layers or Frames in pyload/pyload

Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.

Action-Not Available
Vendor-pyload-ng_projectpyloadpyload
Product-pyload-ngpyloadpyload/pyload
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2025-7953
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 8.28%
||
7 Day CHG+0.01%
Published-22 Jul, 2025 | 03:32
Updated-20 Aug, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sanluan PublicCMS viewer.html redirect

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-publiccmsSanluan
Product-publiccmsPublicCMS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-20264
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 21.62%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 17:10
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persuading a user to access a site that is under the control of the attacker, allowing the attacker to modify the login URL. A successful exploit could allow the attacker to intercept a successful SAML assertion and use that assertion to establish a remote access VPN session toward the affected device with the identity and permissions of the hijacked user, resulting in access to the protected network.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-20263
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.48% / 64.03%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 17:10
Updated-21 Nov, 2024 | 21:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-hyperflex_hx_data_platformCisco HyperFlex HX Data Platform
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2010-2471
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.48% / 64.05%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:09
Updated-07 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Drupal versions 5.x and 6.x has open redirection

Action-Not Available
Vendor-Debian GNU/LinuxThe Drupal Association
Product-debian_linuxdrupaldrupal6
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-20884
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 50.18%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:05
Updated-10 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)Microsoft Corporation
Product-workspace_one_accessidentity_managerlinux_kernelwindowscloud_foundationidentity_manager_connectorVMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-20886
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.28%
||
7 Day CHG~0.00%
Published-31 Oct, 2023 | 20:44
Updated-12 Sep, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-workspace_one_uemVMware Workspace ONE UEM Console
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-4075
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 52.68%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 02:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.

Action-Not Available
Vendor-n/aOpera
Product-opera_browseropera_minin/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-6289
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-2.02% / 83.00%
||
7 Day CHG-0.27%
Published-15 Jul, 2024 | 06:00
Updated-27 Aug, 2025 | 12:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure

The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.

Action-Not Available
Vendor-wpserveurUnknownwpserveur
Product-wps_hide_loginWPS Hide Loginwps_hide_login
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-15030
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.04% / 10.59%
||
7 Day CHG~0.00%
Published-25 Mar, 2023 | 17:31
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arno0x TwoFactorAuth login.php redirect

A vulnerability classified as problematic has been found in Arno0x TwoFactorAuth. This affects an unknown part of the file login/login.php. The manipulation of the argument from leads to open redirect. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 8549ad3cf197095f783643e41333586d6a4d0e54. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223803.

Action-Not Available
Vendor-twofactorauth_projectArno0x
Product-twofactorauthTwoFactorAuth
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-35206
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.51% / 65.12%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 13:38
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gitpod before 0.6.0 allows unvalidated redirects.

Action-Not Available
Vendor-gitpodn/a
Product-gitpodn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-58204
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-Not Assigned
Published-27 Aug, 2025 | 17:45
Updated-27 Aug, 2025 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Podlove Podcast Publisher Plugin <= 4.2.5 - Open Redirection Vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Eric Teubert Podlove Podcast Publisher allows Phishing. This issue affects Podlove Podcast Publisher: from n/a through 4.2.5.

Action-Not Available
Vendor-Eric Teubert
Product-Podlove Podcast Publisher
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2010-3661
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 50.17%
||
7 Day CHG~0.00%
Published-01 Nov, 2019 | 17:26
Updated-07 Aug, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.

Action-Not Available
Vendor-n/aTYPO3 Association
Product-typo3n/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-7949
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.09%
||
7 Day CHG+0.01%
Published-22 Jul, 2025 | 01:32
Updated-20 Aug, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sanluan PublicCMS preview.html redirect

A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named c1e79f124e3f4c458315d908ed7dee06f9f12a76/f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-publiccmsSanluan
Product-publiccmsPublicCMS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2010-4266
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 41.88%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 13:38
Updated-07 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.

Action-Not Available
Vendor-vanillaforumsn/a
Product-vanilla_forumsvanilla forums
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-1279
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-2.6||LOW
EPSS-0.06% / 18.66%
||
7 Day CHG~0.00%
Published-01 Sep, 2023 | 10:01
Updated-22 May, 2025 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
URL Redirection to Untrusted Site in GitLab

An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-1000110
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-5.41% / 89.75%
||
7 Day CHG-2.59%
Published-27 Nov, 2019 | 16:54
Updated-06 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectPython Software Foundation
Product-debian_linuxfedorapythonn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-27184
Matching Score-4
Assigner-Joomla! Project
ShareView Details
Matching Score-4
Assigner-Joomla! Project
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 0.18%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 16:03
Updated-04 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
[20240801] - Core - Inadequate validation of internal URLs

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not..

Action-Not Available
Vendor-Joomla!
Product-joomla\!Joomla! CMS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-38343
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.7||MEDIUM
EPSS-0.19% / 41.31%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 18:05
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nested Pages <= 3.1.15 Open Redirect

The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions.

Action-Not Available
Vendor-kylephillipsKyle Phillips
Product-nested_pagesNested Pages
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-0876
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 30.10%
||
7 Day CHG~0.00%
Published-20 Mar, 2023 | 15:52
Updated-26 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Meta SEO < 4.5.3 - Subscriber+ Improper Authorization causing Arbitrary Redirect

The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability.

Action-Not Available
Vendor-UnknownJoomUnited
Product-wp_meta_seoWP Meta SEO
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-0681
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.32%
||
7 Day CHG~0.00%
Published-20 Mar, 2023 | 17:26
Updated-26 Feb, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rapid7 Nexpose Uncontrolled URL Redirect

Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179. 

Action-Not Available
Vendor-Rapid7 LLC
Product-insightvmNexpose
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-25715
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 19.84%
||
7 Day CHG~0.00%
Published-11 Feb, 2024 | 00:00
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.

Action-Not Available
Vendor-glewlwyd_sso_server_projectn/a
Product-glewlwyd_sso_servern/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-0748
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.4||MEDIUM
EPSS-0.26% / 48.92%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in btcpayserver/btcpayserver

Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.

Action-Not Available
Vendor-btcpayserverbtcpayserver
Product-btcpayserverbtcpayserver/btcpayserver
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-38678
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 38.61%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 01:00
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect Vulnerability in QcalAgent

An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qcalagentQcalAgent
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-39191
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.37% / 58.09%
||
7 Day CHG-0.09%
Published-03 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
URL Redirection to Untrusted Site ('Open Redirect') in mod_auth_openidc

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version.

Action-Not Available
Vendor-openidczmartzoneDebian GNU/LinuxFedora Project
Product-mod_auth_openidcdebian_linuxfedoramod_auth_openidc
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-1000107
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.53% / 66.30%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 17:32
Updated-06 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Action-Not Available
Vendor-erlangn/a
Product-erlang\/otpn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-24291
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.12% / 32.39%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL.

Action-Not Available
Vendor-yzmcmsn/a
Product-yzmcmsn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-3743
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 54.42%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 17:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server.

Action-Not Available
Vendor-hekto_projectHackerOne
Product-hektohekto
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-25091
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.22%
||
7 Day CHG-0.01%
Published-15 Oct, 2023 | 00:00
Updated-16 Sep, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).

Action-Not Available
Vendor-n/aPython Software Foundation
Product-urllib3n/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-1000108
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.57% / 67.69%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 14:58
Updated-06 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Action-Not Available
Vendor-yawsn/aDebian GNU/Linux
Product-yawsdebian_linuxn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-7473
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.94%
||
7 Day CHG~0.00%
Published-07 Mar, 2018 | 15:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL.

Action-Not Available
Vendor-soconnectn/a
Product-sowifi_hotspotsowifi_hotspot_firmwaren/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-0042
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 20.69%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-25566
Matching Score-4
Assigner-Ping Identity Corporation
ShareView Details
Matching Score-4
Assigner-Ping Identity Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.10% / 28.23%
||
7 Day CHG+0.01%
Published-29 Oct, 2024 | 15:34
Updated-08 Nov, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in PingAM

An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks

Action-Not Available
Vendor-Ping Identity Corp.ForgeRock, Inc.
Product-access_managementPingAM
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-24763
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-26.41% / 96.12%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 17:35
Updated-17 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JumpServer Open Redirect Vulnerability

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No known workarounds are available.

Action-Not Available
Vendor-FIT2CLOUD Inc.JumpServer (FIT2CLOUD Inc.)
Product-jumpserverjumpserver
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-25609
Matching Score-4
Assigner-Liferay, Inc.
ShareView Details
Matching Score-4
Assigner-Liferay, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.51% / 65.34%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 09:37
Updated-11 Dec, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.

Action-Not Available
Vendor-Liferay Inc.
Product-digital_experience_platformliferay_portalDXPPortal
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-25608
Matching Score-4
Assigner-Liferay, Inc.
ShareView Details
Matching Score-4
Assigner-Liferay, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.47% / 63.55%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 09:26
Updated-11 Dec, 2024 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.

Action-Not Available
Vendor-Liferay Inc.
Product-digital_experience_platformliferay_portalDXPPortal
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-38000
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.1||MEDIUM
EPSS-2.91% / 85.84%
||
7 Day CHG-0.46%
Published-23 Nov, 2021 | 21:30
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.

Action-Not Available
Vendor-Google LLCFedora ProjectDebian GNU/Linux
Product-debian_linuxandroidchromefedoraChromeandroidchromeChromium Intents
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-24034
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.40% / 59.72%
||
7 Day CHG~0.00%
Published-08 Feb, 2024 | 00:00
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-setorinformatican/a
Product-s.i.ln/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-6701
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 6.31%
||
7 Day CHG~0.00%
Published-26 Jun, 2025 | 16:00
Updated-10 Jul, 2025 | 01:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xuxueli xxl-sso doLogin redirect

A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirect_url leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-xuxueliXuxueli
Product-xxl-ssoxxl-sso
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-23664
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.25% / 47.71%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 09:50
Updated-21 Jan, 2025 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiauthenticatorFortiAuthenticatorfortiauthenticator
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-47500
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.1||MEDIUM
EPSS-0.81% / 73.21%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 10:03
Updated-17 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Helix: Open redirect

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the the forward component since it was improper designed for UI embedding.  User please upgrade to 1.1.0 to fix this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-helixApache Helix
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2015-9540
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 42.72%
||
7 Day CHG~0.00%
Published-04 Jan, 2020 | 06:20
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.

Action-Not Available
Vendor-chamilon/a
Product-chamilo_lmsn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-23442
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 52.84%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 14:26
Updated-07 Aug, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kibana open redirect issue

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.

Action-Not Available
Vendor-Elasticsearch BV
Product-kibanaKibana
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-46886
Matching Score-4
Assigner-ServiceNow
ShareView Details
Matching Score-4
Assigner-ServiceNow
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 25.18%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.

Action-Not Available
Vendor-ServiceNow, Inc.
Product-servicenowServiceNow
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-21728
Matching Score-4
Assigner-Joomla! Project
ShareView Details
Matching Score-4
Assigner-Joomla! Project
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 22.27%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 20:20
Updated-04 Jun, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Extension - smartcalc.es - Open redirect vulnerability in osTicky component for Joomla <= 2.2.8

An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla fronted integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability allows attackers to control the return parameter in the URL to a base64 malicious URL.

Action-Not Available
Vendor-smartcalcsmartcalc.es
Product-ostickyosTicky component for Joomla
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-22854
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.15% / 36.00%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 00:00
Updated-11 Jul, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form.

Action-Not Available
Vendor-darktracen/adarktrace
Product-threat_visualizern/athreat_visualizer
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22400
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.1||LOW
EPSS-0.27% / 50.00%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 19:21
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirect in user_saml via RelayState parameter in Nextcloud User Saml

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.

Action-Not Available
Vendor-Nextcloud GmbH
Product-sso_\&_saml_authenticationsecurity-advisories
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-22113
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.40% / 59.72%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 04:17
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL.

Action-Not Available
Vendor-ANGLERSNET
Product-cgi_an-anlyzerAccess analysis CGI An-Analyzer
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-6286
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.51%
||
7 Day CHG+0.01%
Published-19 Jun, 2025 | 23:00
Updated-26 Jun, 2025 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul COVID19 Testing Management System search-report-result.php redirect

A vulnerability classified as problematic has been found in PHPGurukul COVID19 Testing Management System 2021. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument q leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-covid19_testing_management_systemCOVID19 Testing Management System
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 13
  • 14
  • Next
Details not found