Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-66596

Summary
Assigner-YokogawaGroup
Assigner Org ID-7168b535-132a-4efe-a076-338f829b2eb9
Published At-09 Feb, 2026 | 03:35
Updated At-09 Feb, 2026 | 19:05
Rejected At-
Credits

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:YokogawaGroup
Assigner Org ID:7168b535-132a-4efe-a076-338f829b2eb9
Published At:09 Feb, 2026 | 03:35
Updated At:09 Feb, 2026 | 19:05
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Affected Products
Vendor
Yokogawa Electric Corporation
Product
FAST/TOOLS
Default Status
unknown
Versions
Affected
  • From R9.01 through R10.04 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-601CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-601
Description: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf
N/A
Hyperlink: https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:7168b535-132a-4efe-a076-338f829b2eb9
Published At:09 Feb, 2026 | 05:16
Updated At:06 Mar, 2026 | 20:28

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CPE Matches

yokogawa
yokogawa
>>fast\/tools>>Versions from r9.01(inclusive) to r10.04(inclusive)
cpe:2.3:a:yokogawa:fast\/tools:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-601Secondary7168b535-132a-4efe-a076-338f829b2eb9
CWE ID: CWE-601
Type: Secondary
Source: 7168b535-132a-4efe-a076-338f829b2eb9
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf7168b535-132a-4efe-a076-338f829b2eb9
Vendor Advisory
Hyperlink: https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf
Source: 7168b535-132a-4efe-a076-338f829b2eb9
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

794Records found

CVE-2021-29217
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.1||MEDIUM
EPSS-0.71% / 49.22%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 21:04
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.

Action-Not Available
Vendor-n/aHewlett Packard Enterprise (HPE)
Product-oneview_global_dashboardHPE OneView Global Dashboard
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-43280
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.24% / 15.35%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 17:45
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salon Booking System plugin <= 10.8.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1.

Action-Not Available
Vendor-salonbookingsystemSalon Booking System
Product-salon_booking_systemSalon booking system
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-22797
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-4.6||MEDIUM
EPSS-0.46% / 36.91%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 19:48
Updated-16 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sysaid – sysaid Open Redirect

Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Action-Not Available
Vendor-SysAid Technologies Ltd.
Product-sysaidSysaid
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-43683
Matching Score-4
Assigner-Microchip Technology
ShareView Details
Matching Score-4
Assigner-Microchip Technology
CVSS Score-8.7||HIGH
EPSS-0.21% / 10.72%
||
7 Day CHG~0.00%
Published-04 Oct, 2024 | 19:56
Updated-01 Nov, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper verification of the Host header in TimeProvider 4100

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0.

Action-Not Available
Vendor-microchipMicrochipmicrochip
Product-timeprovider_4100timeprovider_4100_firmwareTimeProvider 4100timeprovider_4100_firmware
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-23102
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.1||MEDIUM
EPSS-5.27% / 91.55%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:17
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.

Action-Not Available
Vendor-Siemens AG
Product-sinema_remote_connect_serverSINEMA Remote Connect Server
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-54276
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.18% / 7.54%
||
7 Day CHG-0.14%
Published-22 Jun, 2026 | 16:36
Updated-30 Jun, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to be able to execute. Further, the attacker is only receiving the digest, so should only be able to extract the user's credentials if the cryptography is weak or there is some kind of password reuse. This vulnerability is fixed in 3.14.1.

Action-Not Available
Vendor-aiohttpaio-libs
Product-aiohttpaiohttp
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-20479
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.85% / 76.48%
||
7 Day CHG+0.28%
Published-20 Feb, 2020 | 00:00
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.

Action-Not Available
Vendor-openidcn/aDebian GNU/LinuxopenSUSEFedora Project
Product-mod_auth_openidcdebian_linuxfedoraleapn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-43794
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 15.36%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 16:15
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenSearch Dashboards Security Plugin improper validation of nextUrl can lead to external redirect

OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is available in 1.3.19 and 2.16.0 for this issue.

Action-Not Available
Vendor-opensearch-project
Product-security-dashboards-plugin
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-14912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.19% / 64.24%
||
7 Day CHG-0.00%
Published-20 Sep, 2019 | 13:38
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.

Action-Not Available
Vendor-prisen/a
Product-adasn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-42341
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 13.31%
||
7 Day CHG~0.00%
Published-08 Sep, 2024 | 11:57
Updated-11 Sep, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Action-Not Available
Vendor-lowayLoway
Product-queuemetricsQueueMetrics
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-14830
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-3.31% / 87.08%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 20:15
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app").

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-42353
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.50% / 39.00%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 20:12
Updated-19 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WebOb's location header normalization during redirect leads to open redirect

WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8.

Action-Not Available
Vendor-pylonsprojectPylons
Product-webobwebob
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-14882
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.1||LOW
EPSS-1.08% / 61.02%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 12:14
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page.

Action-Not Available
Vendor-[UNKNOWN]Moodle Pty Ltd
Product-moodlemoodle
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-27612
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-3.4||LOW
EPSS-0.62% / 45.26%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 14:19
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.

Action-Not Available
Vendor-SAP SE
Product-gui_for_windowsSAP GUI for Windows
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-14857
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-1.54% / 71.78%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 11:56
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.

Action-Not Available
Vendor-openidc[UNKNOWN]
Product-mod_auth_openidcmod_auth_openidc
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-23527
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.91% / 55.42%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 17:22
Updated-18 Apr, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in oidc_validate_redirect_url()

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed.

Action-Not Available
Vendor-openidczmartzoneDebian GNU/Linux
Product-mod_auth_openidcdebian_linuxmod_auth_openidc
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-39097
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.37% / 28.73%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 00:00
Updated-26 Jan, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path.

Action-Not Available
Vendor-sirn/agnuboard
Product-gnuboardn/agnuboard6
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-23184
Matching Score-4
Assigner-Octopus Deploy
ShareView Details
Matching Score-4
Assigner-Octopus Deploy
CVSS Score-6.1||MEDIUM
EPSS-0.56% / 42.67%
||
7 Day CHG+0.01%
Published-07 Feb, 2022 | 02:35
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.

Action-Not Available
Vendor-Octopus Deploy Pty. Ltd.
Product-octopus_serveroctopus_deployOctopus Server
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-14223
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-4.47% / 90.29%
||
7 Day CHG~0.00%
Published-06 Sep, 2019 | 16:04
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).

Action-Not Available
Vendor-alfrescon/a
Product-alfrescon/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-61606
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 10.92%
||
7 Day CHG~0.00%
Published-02 Oct, 2025 | 20:25
Updated-07 Oct, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WeGIA: Open Redirect Vulnerability in `control.php` endpoint

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUmnomeClasse=FuncionarioControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This issue is fixed in version 3.5.0.

Action-Not Available
Vendor-wegiaLabRedesCefetRJ
Product-wegiaWeGIA
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-27509
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.40% / 31.87%
||
7 Day CHG+0.02%
Published-28 Jul, 2022 | 13:11
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated redirection to a malicious website

Unauthenticated redirection to a malicious website

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)
Product-gatewayapplication_delivery_controllerapplication_delivery_controller_firmwareCitrix Application Delivery Management (Citrix ADC) and Citrix Gateway
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-37830
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 23.12%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie.

Action-Not Available
Vendor-getoutlinen/agetoutline
Product-outlinen/aoutline
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-2252
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.89% / 55.07%
||
7 Day CHG~0.00%
Published-29 Jun, 2022 | 15:15
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in microweber/microweber

Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-38037
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 21.30%
||
7 Day CHG~0.00%
Published-04 Oct, 2024 | 17:10
Updated-10 Apr, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BUG-000167983 - Unvalidated redirect in Portal for ArcGIS

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgisPortal for ArcGIS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-1000108
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.10% / 61.65%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 14:58
Updated-06 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Action-Not Available
Vendor-yawsn/aDebian GNU/Linux
Product-yawsdebian_linuxn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-37656
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.49% / 38.83%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 00:00
Updated-10 Jul, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php.

Action-Not Available
Vendor-sirn/a
Product-gnuboardn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-37657
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 13.63%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 00:00
Updated-10 Jul, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via thebbs/login.php component.

Action-Not Available
Vendor-sirn/a
Product-gnuboardn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-37658
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 13.63%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 00:00
Updated-10 Jul, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php.

Action-Not Available
Vendor-sirn/a
Product-gnuboardn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-13038
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.42% / 69.65%
||
7 Day CHG~0.00%
Published-29 Jun, 2019 | 00:00
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

Action-Not Available
Vendor-mod_auth_mellon_projectn/aOracle CorporationCanonical Ltd.Fedora Project
Product-ubuntu_linuxfedorazfs_storage_appliance_kitmod_auth_mellonn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-12783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.86% / 54.11%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 19:22
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.

Action-Not Available
Vendor-verintn/a
Product-impact_360n/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-2250
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.7||MEDIUM
EPSS-1.52% / 71.49%
||
7 Day CHG+0.29%
Published-01 Jul, 2022 | 15:03
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-3597
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.1||HIGH
EPSS-0.33% / 25.08%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 02:08
Updated-08 Apr, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Export WP Page to Static HTML/CSS <= 2.2.2 - Open Redirect

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rc_exported_zip_file parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Action-Not Available
Vendor-myrecorprecorp
Product-export_wp_page_to_static_html\/cssExport WordPress Pages to Static HTML & PDF — Static Site Export
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-34074
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.57% / 43.16%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 14:25
Updated-04 Aug, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe vuilnerable to an open redirect on login page

Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed in 15.26.0 and 14.74.0.

Action-Not Available
Vendor-frappefrappe
Product-frappefrappe
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2008-2951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.83% / 76.31%
||
7 Day CHG~0.00%
Published-27 Jul, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.

Action-Not Available
Vendor-edgewalln/aFedora Project
Product-tracfedoran/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2008-2052
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.57% / 72.34%
||
7 Day CHG~0.00%
Published-02 May, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.

Action-Not Available
Vendor-n/aBitrix24
Product-bitrix_site_managern/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-6025
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.85% / 53.70%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 15:16
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

Action-Not Available
Vendor-sixapartSix Apart Ltd
Product-movable_typeMovable Type series
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-26326
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-4||MEDIUM
EPSS-0.34% / 26.46%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 18:43
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2

Action-Not Available
Vendor-Micro Focus International Limited
Product-netiq_access_managerNetIQ Access Manager
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-34071
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.38% / 29.49%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 13:31
Updated-12 Feb, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect Bypass Protection

Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in version(s) 8.18.14, 10.8.6, 12.3.10 and 13.3.1.

Action-Not Available
Vendor-Umbraco A/S (Umbraco)
Product-umbraco_cmsUmbraco-CMSumbraco_cms
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-2237
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.40% / 31.94%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-24 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-keycloak_node.js_adaptersingle_sign-onKeycloak
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-31135
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-6.1||MEDIUM
EPSS-0.48% / 38.16%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 15:07
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.03 open redirect was possible on the login page

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-29041
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.79% / 51.64%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 20:20
Updated-18 Dec, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Express.js Open Redirect in malformed URLs

Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.

Action-Not Available
Vendor-OpenJS FoundationExpress (OpenJS Foundation)
Product-expressexpress
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-10955
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.1||MEDIUM
EPSS-3.04% / 85.91%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 17:27
Updated-03 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-micrologix_1100_firmwaremicrologix_1400compactlogix_5370_l2compactlogix_5370_l1compactlogix_5370_l3compactlogix_5370_l1_firmwarecompactlogix_5370_l2_firmwaremicrologix_1400_b_firmwarecompactlogix_5370_l3_firmwaremicrologix_1400_a_firmwaremicrologix_1100CompactLogix 5370 L1 controllersMicroLogix 1100 ControllersCompactLogix 5370 L3 controllersCompactLogix 5370 L2 controllersMicroLogix 1400 Controllers
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-27184
Matching Score-4
Assigner-Joomla! Project
ShareView Details
Matching Score-4
Assigner-Joomla! Project
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 14.93%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 16:03
Updated-04 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
[20240801] - Core - Inadequate validation of internal URLs

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not..

Action-Not Available
Vendor-Joomla!
Product-joomla\!Joomla! CMS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-28113
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.5||LOW
EPSS-0.41% / 32.55%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 19:56
Updated-20 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirection using the return_url parameter in Peering Manager

Peering Manager is a BGP session management tool. In Peering Manager <=1.8.2, it is possible to redirect users to an arbitrary page using a crafted url. As a result users can be redirected to an unexpected location. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-peering-managerpeering-manager
Product-peering_managerpeering-manager
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-10372
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.1||MEDIUM
EPSS-0.97% / 57.37%
||
7 Day CHG~0.00%
Published-07 Aug, 2019 | 14:20
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.

Action-Not Available
Vendor-Jenkins
Product-gitlab_oauthJenkins Gitlab Authentication Plugin
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-47854
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 12.10%
||
7 Day CHG+0.02%
Published-20 May, 2025 | 17:37
Updated-28 May, 2025 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-25715
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.41% / 33.31%
||
7 Day CHG~0.00%
Published-11 Feb, 2024 | 00:00
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.

Action-Not Available
Vendor-glewlwyd_sso_server_projectn/a
Product-glewlwyd_sso_servern/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-25566
Matching Score-4
Assigner-Ping Identity Corporation
ShareView Details
Matching Score-4
Assigner-Ping Identity Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.22% / 12.78%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 15:34
Updated-08 Nov, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in PingAM

An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks

Action-Not Available
Vendor-Ping Identity Corp.ForgeRock, Inc.
Product-access_managementPingAM
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-25609
Matching Score-4
Assigner-Liferay, Inc.
ShareView Details
Matching Score-4
Assigner-Liferay, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.36% / 27.49%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 09:37
Updated-11 Dec, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.

Action-Not Available
Vendor-Liferay Inc.
Product-digital_experience_platformliferay_portalDXPPortal
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-24763
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.06% / 60.31%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 17:35
Updated-17 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JumpServer Open Redirect Vulnerability

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No known workarounds are available.

Action-Not Available
Vendor-FIT2CLOUD Inc.JumpServer (FIT2CLOUD Inc.)
Product-jumpserverjumpserver
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 15
  • 16
  • Next
Details not found