Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-66596

Summary
Assigner-YokogawaGroup
Assigner Org ID-7168b535-132a-4efe-a076-338f829b2eb9
Published At-09 Feb, 2026 | 03:35
Updated At-09 Feb, 2026 | 19:05
Rejected At-
Credits

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:YokogawaGroup
Assigner Org ID:7168b535-132a-4efe-a076-338f829b2eb9
Published At:09 Feb, 2026 | 03:35
Updated At:09 Feb, 2026 | 19:05
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Affected Products
Vendor
Yokogawa Electric Corporation
Product
FAST/TOOLS
Default Status
unknown
Versions
Affected
  • From R9.01 through R10.04 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-601CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-601
Description: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf
N/A
Hyperlink: https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:7168b535-132a-4efe-a076-338f829b2eb9
Published At:09 Feb, 2026 | 05:16
Updated At:06 Mar, 2026 | 20:28

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CPE Matches

yokogawa
yokogawa
>>fast\/tools>>Versions from r9.01(inclusive) to r10.04(inclusive)
cpe:2.3:a:yokogawa:fast\/tools:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-601Secondary7168b535-132a-4efe-a076-338f829b2eb9
CWE ID: CWE-601
Type: Secondary
Source: 7168b535-132a-4efe-a076-338f829b2eb9
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf7168b535-132a-4efe-a076-338f829b2eb9
Vendor Advisory
Hyperlink: https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf
Source: 7168b535-132a-4efe-a076-338f829b2eb9
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

794Records found

CVE-2024-24808
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.55% / 41.73%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 03:17
Updated-09 May, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.

Action-Not Available
Vendor-pyloadpyload
Product-pyloadpyload
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-25608
Matching Score-4
Assigner-Liferay, Inc.
ShareView Details
Matching Score-4
Assigner-Liferay, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.96% / 57.19%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 09:26
Updated-11 Dec, 2024 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.

Action-Not Available
Vendor-Liferay Inc.
Product-digital_experience_platformliferay_portalDXPPortal
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-23664
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.35% / 26.67%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 09:50
Updated-21 Jan, 2025 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiauthenticatorFortiAuthenticatorfortiauthenticator
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-24034
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.56% / 42.52%
||
7 Day CHG~0.00%
Published-08 Feb, 2024 | 00:00
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-setorinformatican/a
Product-s.i.ln/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-24291
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.39% / 30.77%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL.

Action-Not Available
Vendor-yzmcmsn/a
Product-yzmcmsn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-23442
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-6.1||MEDIUM
EPSS-0.34% / 25.68%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 14:26
Updated-07 Aug, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kibana open redirect issue

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.

Action-Not Available
Vendor-Elasticsearch BV
Product-kibanaKibana
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-22400
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.1||LOW
EPSS-0.45% / 36.30%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 19:21
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirect in user_saml via RelayState parameter in Nextcloud User Saml

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.

Action-Not Available
Vendor-Nextcloud GmbH
Product-sso_\&_saml_authenticationsecurity-advisories
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-4143
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-6||MEDIUM
EPSS-0.27% / 18.45%
||
7 Day CHG~0.00%
Published-01 May, 2025 | 00:19
Updated-12 May, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation of redirect_uri on authorize endpoint

The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp , did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in:  https://github.com/cloudflare/workers-oauth-provider/pull/26 https://github.com/cloudflare/workers-oauth-provider/pull/26 Impact: Under certain circumstances (see below), if a victim had previously authorized with a server built on workers-oath-provider, and an attacker could later trick the victim into visiting a malicious web site, then attacker could potentially steal the victim's credentials to the same OAuth server and subsequently impersonate them. In order for the attack to be possible, the OAuth server's authorized callback must be designed to auto-approve authorizations that appear to come from an OAuth client that the victim has authorized previously. The authorization flow is not implemented by workers-oauth-provider; it is up to the application built on top to decide whether to implement such automatic re-authorization. However, many applications do implement such logic. Note: It is a basic, well-known requirement that OAuth servers should verify that the redirect URI is among the allowed list for the client, both during the authorization flow and subsequently when exchanging the authorization code for an access token. workers-oauth-provider implemented only the latter check, not the former. Unfortunately, the former is the much more important check. Readers who are familiar with OAuth may recognize that failing to check redirect URIs against the allowed list is a well-known, basic mistake, covered extensively in the RFC and elsewhere. The author of this library would like everyone to know that he was, in fact, well-aware of this requirement, thought about it a lot while designing the library, and then, somehow, forgot to actually make sure the check was in the code. That is, it's not that he didn't know what he was doing, it's that he knew what he was doing but flubbed it.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-workers-oauth-provider
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-22113
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.40% / 31.54%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 04:17
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL.

Action-Not Available
Vendor-ANGLERSNET
Product-cgi_an-anlyzerAccess analysis CGI An-Analyzer
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-22244
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 28.46%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 23:02
Updated-26 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Harbor Open Redirect URL

Open Redirect in Harbor  <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site.

Action-Not Available
Vendor-HarborThe Linux Foundation
Product-harborHarbor
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-1774
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.2||HIGH
EPSS-1.12% / 62.32%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 20:40
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.

Action-Not Available
Vendor-diagramsjgraph
Product-drawiojgraph/drawio
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-22854
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.40% / 31.60%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 00:00
Updated-11 Jul, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form.

Action-Not Available
Vendor-darktracen/adarktrace
Product-threat_visualizern/athreat_visualizer
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1702
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-6.1||MEDIUM
EPSS-8.41% / 94.31%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 19:40
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_6210sma_7200sma_7210_firmwaresma_7210sma_6210_firmwaresma_8000vsma_8000v_firmwaresma_6200_firmwaresma_7200_firmwaresma_6200SonicWall SMA1000
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-25803
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.45% / 35.65%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 11:51
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.

Action-Not Available
Vendor-n/aBest Practical Solutions, LLC
Product-request_trackern/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-22308
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-3.4||LOW
EPSS-0.28% / 19.92%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 11:59
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Membership Plugin <= 4.4.1 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1.

Action-Not Available
Vendor-simple-membership-pluginsmp7, wp.insider
Product-simple_membershipSimple Membership
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-10098
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.1||MEDIUM
EPSS-73.98% / 99.42%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 16:39
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_serverApache HTTP Server
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-40630
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-5.1||MEDIUM
EPSS-0.43% / 34.22%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 11:08
Updated-09 Oct, 2025 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirection vulnerability in IceWarp Mail Server

Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example “ https://icewarp.domain.com//<MALICIOUS_DOMAIN>/%2e%2e” https://icewarp.domain.com///%2e%2e” . This vulnerability has been tested in Firefox.

Action-Not Available
Vendor-icewarpIcewarp
Product-mail_serverIcewarp Mail Server
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-21065
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-6.1||MEDIUM
EPSS-0.34% / 26.13%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-03 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-PeopleSoft Enterprise PT PeopleTools
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-21728
Matching Score-4
Assigner-Joomla! Project
ShareView Details
Matching Score-4
Assigner-Joomla! Project
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 23.88%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 20:20
Updated-04 Jun, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Extension - smartcalc.es - Open redirect vulnerability in osTicky component for Joomla <= 2.2.8

An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla fronted integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability allows attackers to control the return parameter in the URL to a base64 malicious URL.

Action-Not Available
Vendor-smartcalcsmartcalc.es
Product-ostickyosTicky component for Joomla
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-21497
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.4||MEDIUM
EPSS-0.50% / 39.32%
||
7 Day CHG~0.00%
Published-17 Feb, 2024 | 05:00
Updated-03 Mar, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection.

Action-Not Available
Vendor-greenpaun/a
Product-caddy-securitygithub.com/greenpau/caddy-security
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-3859
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 6.79%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 16:30
Updated-13 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Firefox Focus elide URL allows address bar spoofing

Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_focusFocus
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-20369
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.31% / 22.99%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 17:23
Updated-25 Mar, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-network_services_orchestratorCisco Network Services Orchestrator
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-1440
Matching Score-4
Assigner-WSO2 LLC
ShareView Details
Matching Score-4
Assigner-WSO2 LLC
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 10.25%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 16:51
Updated-06 Oct, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint

An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site. By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions.

Action-Not Available
Vendor-WSO2 LLC
Product-identity_server_as_key_manageridentity_serverapi_managerWSO2 Identity Server as Key ManagerWSO2 Open Banking AMWSO2 API ManagerWSO2 Identity ServerWSO2 Carbon Identity Application Authentication Endpoint(Utils)WSO2 Open Banking IAM
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-50089
Matching Score-4
Assigner-44488dab-36db-4358-99f9-bc116477f914
ShareView Details
Matching Score-4
Assigner-44488dab-36db-4358-99f9-bc116477f914
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 4.28%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 15:02
Updated-12 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Aqara IAM/SSO Gateway open redirect

The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which can be used to set up a phishing attack.

Action-Not Available
Vendor-Aqara
Product-Aqara IAM/SSO Gateway
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-20634
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.57% / 43.12%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 16:02
Updated-11 Aug, 2025 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise Chat and Email Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco&nbsp;ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_chat_and_emailCisco Enterprise Chat and Email
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-12561
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 20.62%
||
7 Day CHG~0.00%
Published-21 May, 2025 | 09:21
Updated-08 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Affiliate Sales in Google Analytics and other tools <= 2.0.0 - Open Redirect

The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.0.0. This is due to insufficient validation on the redirect url supplied via the 'afflink' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Action-Not Available
Vendor-wecantrack
Product-Affiliate Sales in Google Analytics and other tools
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-7473
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.92% / 55.88%
||
7 Day CHG~0.00%
Published-07 Mar, 2018 | 15:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL.

Action-Not Available
Vendor-soconnectn/a
Product-sowifi_hotspotsowifi_hotspot_firmwaren/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-1240
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.6||MEDIUM
EPSS-0.32% / 23.74%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 10:57
Updated-19 Nov, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirection in pyload/pyload

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.

Action-Not Available
Vendor-pyloadpyloadpayload
Product-pyloadpyload/pyloadpayload
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-11955
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.47% / 37.49%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 15:07
Updated-04 Mar, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GLPI index.php redirect

A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-n/aGLPI Project
Product-glpiGLPI
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-0781
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.51% / 39.96%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 16:00
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro Internet Banking System pages_client_signup.php redirect

A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability.

Action-Not Available
Vendor-martmbithiCodeAstro
Product-internet_banking_systemInternet Banking System
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-0319
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 21.00%
||
7 Day CHG~0.00%
Published-15 Jan, 2024 | 16:27
Updated-30 Aug, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect vulnerability in FireEye HXTool

Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter.

Action-Not Available
Vendor-fireeyeFireEye
Product-hxtoolFireEye HXTool
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-0337
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.89% / 55.02%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 05:00
Updated-05 May, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Travelpayouts <= 1.1.15 - Open Redirect

The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Action-Not Available
Vendor-travelpayoutsUnknowntravelpayouts
Product-travelpayoutsTravelpayouts: All Travel Brands in One Placetravelpayouts
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-0545
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 37.96%
||
7 Day CHG~0.00%
Published-15 Jan, 2024 | 06:00
Updated-21 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeCanyon RISE Ultimate Project Manager signin redirect

A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-fairsketchCodeCanyon
Product-rise_ultimate_project_managerRISE Ultimate Project Manager
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-6552
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-6.1||MEDIUM
EPSS-0.48% / 38.23%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 12:19
Updated-17 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirect in TasmoAdmin

Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.

Action-Not Available
Vendor-tasmoadminTasmoAdmin
Product-tasmoadminTasmoAdmin
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-29910
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.35% / 27.39%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 100.

Action-Not Available
Vendor-Mozilla CorporationGoogle LLC
Product-firefoxandroidFirefox
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-1019
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.2||MEDIUM
EPSS-0.64% / 46.02%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 20:38
Updated-16 Apr, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Automated Logic WebCtrl Server Open Redirection Vulnerability

Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file.

Action-Not Available
Vendor-automatedlogicAutomated Logic
Product-webctrl_serverWebCtrl Server
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-6786
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.46% / 36.91%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:09
Updated-01 Aug, 2025 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Payment Gateway for Telcell <= 2.0.1 - Unauthenticated Open Redirect

The Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue

Action-Not Available
Vendor-hkdigitUnknown
Product-payment_gateway_for_telcellPayment Gateway for Telcell
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-6927
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-1.11% / 61.88%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:59
Updated-11 Nov, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: open redirect via "form_post.jwt" jarm response mode

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onkeycloakRed Hat build of Keycloak 22.0.8Red Hat Single Sign-On 7.6 for RHEL 7Red Hat build of Keycloak 22Red Hat Single Sign-On 7Single Sign-On 7.6.6RHEL-8 based Middleware ContainersRed Hat Single Sign-On 7.6 for RHEL 9Red Hat Single Sign-On 7.6 for RHEL 8
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-6380
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.1||MEDIUM
EPSS-1.59% / 72.74%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 10:54
Updated-28 Aug, 2024 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in Alkacon Software OpenCms

Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter.

Action-Not Available
Vendor-alkaconAlkacon
Product-opencmsOpen CMS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-24020
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.32% / 23.68%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 17:51
Updated-13 Feb, 2025 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WeGIA Open Redirect vulnerability

WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.

Action-Not Available
Vendor-wegiaLabRedesCefetRJ
Product-wegiaWeGIA
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-5986
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.2||HIGH
EPSS-0.45% / 36.24%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 03:47
Updated-02 Dec, 2024 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed.

Action-Not Available
Vendor-
Product-ecostruxure_power_monitoring_expertEcoStruxure Power Monitoring Expert (PME)EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards ModuleEcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-6389
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-25.68% / 97.71%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 14:44
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Toolbar <= 2.2.6 - Open Redirect

The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Action-Not Available
Vendor-abhinavsinghUnknown
Product-wordpress_toolbarWordPress Toolbar
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-5629
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.2||HIGH
EPSS-0.42% / 34.09%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 04:42
Updated-02 Aug, 2024 | 08:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.

Action-Not Available
Vendor-
Product-eb45e_firmwareeh45eeh45e_firmwareqh450_firmwareqh150eh450qh450jr900_firmwareer45ejr240er450_firmwareqb150qp150qp150_firmwareeb450er45e_firmwareeb450_firmwareqp450_firmwareqr450qb450_firmwareqr150qp450jr900qh150_firmwareeb45eqr450_firmwareqb150_firmwareeh450_firmwarejr240_firmwareqr150_firmwareer450qb450Trio Q-Series Ethernet Data RadioTrio E-Series Ethernet Data RadioTrio J-Series Ethernet Data Radio
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-21651
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.77% / 51.24%
||
7 Day CHG~0.00%
Published-05 Jan, 2022 | 19:15
Updated-23 Apr, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirect in shopware

Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible.

Action-Not Available
Vendor-shopwareshopware
Product-shopwareshopware
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-0250
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-1.25% / 65.87%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 16:05
Updated-26 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect

The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Action-Not Available
Vendor-deconfUnknown
Product-analytics_insightsAnalytics Insights for Google Analytics 4 (AIWP)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-53901
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.23% / 13.27%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 17:03
Updated-07 Apr, 2026 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WBCE CMS 1.6.1 Cross-Site Scripting and Open Redirect Vulnerability

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests.

Action-Not Available
Vendor-wbceUnknown
Product-wbce_cmsWBCE CMS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-49380
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-3.1||LOW
EPSS-0.16% / 5.94%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 18:15
Updated-02 Jun, 2026 | 12:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-5375
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-33.63% / 98.18%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 08:30
Updated-17 Sep, 2024 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in mosparo/mosparo

Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.

Action-Not Available
Vendor-mosparomosparo
Product-mosparomosparo/mosparo
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-47991
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 16.67%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 16:48
Updated-10 Jun, 2026 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Experience Manager | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-5190
Matching Score-4
Assigner-Liferay, Inc.
ShareView Details
Matching Score-4
Assigner-Liferay, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.39% / 30.50%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 06:03
Updated-28 Jan, 2025 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter.

Action-Not Available
Vendor-Liferay Inc.
Product-digital_experience_platformliferay_portalDXPPortal
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 15
  • 16
  • Next
Details not found