Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-48784

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-14 Jul, 2026 | 19:04
Updated At-15 Jul, 2026 | 13:27
Rejected At-
Credits

Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate() used strtr() dot-segment encoding that skipped every other chained ../ or ./ segment, allowing attacker-controlled route parameters to generate URLs that collapse to a different path under RFC 3986 normalization. This issue is fixed in versions 5.4.53, 6.4.41, 7.4.13, and 8.0.13.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:14 Jul, 2026 | 19:04
Updated At:15 Jul, 2026 | 13:27
Rejected At:
▼CVE Numbering Authority (CNA)
Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate() used strtr() dot-segment encoding that skipped every other chained ../ or ./ segment, allowing attacker-controlled route parameters to generate URLs that collapse to a different path under RFC 3986 normalization. This issue is fixed in versions 5.4.53, 6.4.41, 7.4.13, and 8.0.13.

Affected Products
Vendor
symfony
Product
symfony
Versions
Affected
  • < 5.4.53
  • >= 6.0.0-BETA1, < 6.4.41
  • >= 7.0.0-BETA1, < 7.4.13
  • >= 8.0.0-BETA1, < 8.0.13
Vendor
symfony
Product
routing
Versions
Affected
  • < 5.4.53
  • >= 6.0.0-BETA1, < 6.4.41
  • >= 7.0.0-BETA1, < 7.4.13
  • >= 8.0.0-BETA1, < 8.0.13
Problem Types
TypeCWE IDDescription
CWECWE-172CWE-172: Encoding Error
CWECWE-601CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-172
Description: CWE-172: Encoding Error
Type: CWE
CWE ID: CWE-601
Description: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/symfony/symfony/security/advisories/GHSA-h5x3-xfc9-m39h
x_refsource_CONFIRM
https://github.com/symfony/symfony/commit/4b63c3a3f7af04ecd79c89a594b0b02a01990b1d
x_refsource_MISC
https://github.com/symfony/symfony/releases/tag/v5.4.53
x_refsource_MISC
https://github.com/symfony/symfony/releases/tag/v6.4.41
x_refsource_MISC
https://github.com/symfony/symfony/releases/tag/v7.4.13
x_refsource_MISC
Hyperlink: https://github.com/symfony/symfony/security/advisories/GHSA-h5x3-xfc9-m39h
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/symfony/symfony/commit/4b63c3a3f7af04ecd79c89a594b0b02a01990b1d
Resource:
x_refsource_MISC
Hyperlink: https://github.com/symfony/symfony/releases/tag/v5.4.53
Resource:
x_refsource_MISC
Hyperlink: https://github.com/symfony/symfony/releases/tag/v6.4.41
Resource:
x_refsource_MISC
Hyperlink: https://github.com/symfony/symfony/releases/tag/v7.4.13
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:14 Jul, 2026 | 20:17
Updated At:15 Jul, 2026 | 14:44

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate() used strtr() dot-segment encoding that skipped every other chained ../ or ./ segment, allowing attacker-controlled route parameters to generate URLs that collapse to a different path under RFC 3986 normalization. This issue is fixed in versions 5.4.53, 6.4.41, 7.4.13, and 8.0.13.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
N/A
Type: Secondary
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

sensiolabs
sensiolabs
>>symfony>>Versions before 5.4.53(exclusive)
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
sensiolabs
sensiolabs
>>symfony>>Versions from 6.0.0(inclusive) to 6.4.41(exclusive)
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
sensiolabs
sensiolabs
>>symfony>>Versions from 7.0.0(inclusive) to 7.4.13(exclusive)
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
sensiolabs
sensiolabs
>>symfony>>Versions from 8.0.0(inclusive) to 8.0.13(exclusive)
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-172Secondarysecurity-advisories@github.com
CWE-601Secondarysecurity-advisories@github.com
CWE ID: CWE-172
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-601
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/symfony/symfony/commit/4b63c3a3f7af04ecd79c89a594b0b02a01990b1dsecurity-advisories@github.com
Patch
https://github.com/symfony/symfony/releases/tag/v5.4.53security-advisories@github.com
Product
Release Notes
https://github.com/symfony/symfony/releases/tag/v6.4.41security-advisories@github.com
Product
Release Notes
https://github.com/symfony/symfony/releases/tag/v7.4.13security-advisories@github.com
Product
Release Notes
https://github.com/symfony/symfony/security/advisories/GHSA-h5x3-xfc9-m39hsecurity-advisories@github.com
Patch
Vendor Advisory
Hyperlink: https://github.com/symfony/symfony/commit/4b63c3a3f7af04ecd79c89a594b0b02a01990b1d
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/symfony/symfony/releases/tag/v5.4.53
Source: security-advisories@github.com
Resource:
Product
Release Notes
Hyperlink: https://github.com/symfony/symfony/releases/tag/v6.4.41
Source: security-advisories@github.com
Resource:
Product
Release Notes
Hyperlink: https://github.com/symfony/symfony/releases/tag/v7.4.13
Source: security-advisories@github.com
Resource:
Product
Release Notes
Hyperlink: https://github.com/symfony/symfony/security/advisories/GHSA-h5x3-xfc9-m39h
Source: security-advisories@github.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

819Records found

CVE-2026-45065
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-2.3||LOW
EPSS-0.26% / 17.55%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:43
Updated-15 Jul, 2026 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters against a pattern built as ^ plus the raw requirement plus $; with ungrouped alternations, middle alternatives match as unanchored substrings, allowing a value such as //evil.com to satisfy a common locale requirement and generate a protocol-relative off-site URL. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12.

Action-Not Available
Vendor-sensiolabssymfony
Product-symfonysymfony
CWE ID-CWE-185
Incorrect Regular Expression
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-50345
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-3.1||LOW
EPSS-0.56% / 43.14%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 20:56
Updated-03 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirect via browser-sanitized URLs in symfony/http-foundation

symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-sensiolabssymfony
Product-symfonysymfony
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-49216
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.1||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 16:15
Updated-17 Jul, 2026 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony UX: XSS in symfony/ux-autocomplete via unescaped AJAX response data

Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 until 2.36.0 and 3.1.0, the Stimulus controller in symfony/ux-autocomplete renders AJAX response items in _createAutocompleteWithRemoteData() by interpolating the text field into HTML template literals (<div>${item[labelField]}</div>) rather than text, allowing attacker-controlled markup from user-supplied dropdown values to execute in the browser of any user who opens an autocomplete widget backed by the same data. This issue is fixed in versions 2.36.0 and 3.1.0.

Action-Not Available
Vendor-symfony
Product-ux
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-55877
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 9.24%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 21:32
Updated-10 Jul, 2026 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony UX: XSS in symfony/ux-icons via unsanitized SVG content in local files and Iconify on-demand responses

Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux_icon() Twig function is marked is_safe=['html'] and Icon::toHtml() inlines SVG source verbatim, allowing unsanitized local SVG files or Iconify on-demand JSON body responses containing nested script elements, on* event handlers, or dangerous URL schemes to execute cross-site scripting. This issue is fixed in versions 2.36.1 and 3.2.0.

Action-Not Available
Vendor-symfony
Product-ux
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-48760
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.76%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:11
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlSanitizer::parse() rejected raw BiDi formatting characters but not percent-encoded forms and used an ASCII-only whitespace check, allowing sanitized URLs to retain visual-spoofing characters that downstream consumers could decode or display. This issue is fixed in versions 6.4.41, 7.4.13, and 8.0.13.

Action-Not Available
Vendor-sensiolabssymfony
Product-symfonyhtml-sanitizersymfony
CWE ID-CWE-1007
Insufficient Visual Distinction of Homoglyphs Presented to User
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-48761
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 18.53%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:21
Updated-15 Jul, 2026 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlAttributeSanitizer::getSupportedAttributes() omitted URL-bearing attributes on <object>, <applet>, <iframe>, and <img>, and <meta http-equiv="refresh"> URLs inside content bypassed URL sanitization, allowing explicitly enabled elements or attributes to pass javascript: and similar payloads into sanitized output. This issue is fixed in versions 6.4.41, 7.4.13, and 8.0.13.

Action-Not Available
Vendor-sensiolabssymfony
Product-symfonyhtml-sanitizersymfony
CWE ID-CWE-1023
Incomplete Comparison with Missing Factors
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-45064
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-2.3||LOW
EPSS-0.29% / 21.25%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 18:35
Updated-15 Jul, 2026 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlSanitizer::parse() passes Unicode explicit-direction BiDi formatting characters through into sanitized href and src attributes, allowing sanitized content to display a link destination that visually differs from the actual destination and enabling phishing-style visual spoofing. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12.

Action-Not Available
Vendor-sensiolabssymfony
Product-symfonyhtml-sanitizersymfony
CWE ID-CWE-1007
Insufficient Visual Distinction of Homoglyphs Presented to User
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-45753
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-2.1||LOW
EPSS-0.30% / 21.64%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 18:21
Updated-15 Jul, 2026 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — javascript: URI Survives Sanitization (XSS)

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlAttributeSanitizer::getSupportedAttributes() omits URL-valued attributes including action, formaction, poster, and cite, so configurations that admit those attributes can leave javascript: URIs unsanitized and enable XSS when the resulting HTML is rendered or a victim submits a form or clicks a button. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12.

Action-Not Available
Vendor-sensiolabssymfony
Product-symfonyhtml-sanitizersymfony
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-45066
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-2.3||LOW
EPSS-0.29% / 20.92%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:53
Updated-16 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts() or allowMediaHosts() because UrlSanitizer::parse() follows RFC 3986 while browsers follow WHATWG URL parsing, and because <area href> is checked against the media policy rather than the link policy. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12.

Action-Not Available
Vendor-sensiolabssymfony
Product-symfonyhtml-sanitizersymfony
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-436
Interpretation Conflict
CVE-2025-47946
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 11.48%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:25
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute injection via ComponentAttributes

Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering `{{ attributes }}` or using any method that returns a `ComponentAttributes` instance (e.g. `only()`, `defaults()`, `without()`) ouputs attribute values directly without escaping. If these values are unsafe (e.g. contain user input), this can lead to HTML attribute injection and XSS vulnerabilities. The issue is fixed in version `2.25.1` of `symfony/ux-twig-component` Those who use `symfony/ux-live-component` must also update it to `2.25.1` to benefit from the fix, as it reuses the `ComponentAttributes` class internally. As a workaround, avoid rendering `{{ attributes }}` or derived objects directly if it may contain untrusted values. Instead, use `{{ attributes.render('name') }}` for safe output of individual attributes.

Action-Not Available
Vendor-symfony
Product-ux
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-46735
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.57% / 43.27%
||
7 Day CHG~0.00%
Published-10 Nov, 2023 | 17:58
Updated-03 Sep, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony potential Cross-site Scripting in WebhookController

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now doesn't return any user-submitted input in its response.

Action-Not Available
Vendor-sensiolabssymfony
Product-symfonysymfony
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-46734
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.68% / 48.34%
||
7 Day CHG~0.00%
Published-10 Nov, 2023 | 17:49
Updated-13 Feb, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.

Action-Not Available
Vendor-sensiolabssymfony
Product-twigsymfonysymfony
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4752
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.31% / 81.46%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 16:07
Updated-06 Aug, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.

Action-Not Available
Vendor-sensiolabsn/aFedora Project
Product-fedorasymfonyn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-19790
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.49% / 71.10%
||
7 Day CHG~0.00%
Published-18 Dec, 2018 | 22:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.

Action-Not Available
Vendor-sensiolabsn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedorasymfonyn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-11408
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.14% / 62.98%
||
7 Day CHG~0.00%
Published-13 Jun, 2018 | 16:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.

Action-Not Available
Vendor-sensiolabsn/aDebian GNU/Linux
Product-debian_linuxsymfonyn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-16652
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.95% / 57.20%
||
7 Day CHG~0.00%
Published-13 Jun, 2018 | 16:00
Updated-05 Aug, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks.

Action-Not Available
Vendor-sensiolabsn/aDebian GNU/Linux
Product-debian_linuxsymfonyn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-5936
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-28.93% / 97.94%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 18:45
Updated-17 Jul, 2025 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in imartinez/privategpt

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerability includes potential phishing attacks, malware distribution, and credential theft.

Action-Not Available
Vendor-pribaiimartinezimartinez
Product-privategptimartinez/privategptimartinez_privategpt
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-28364
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-6.1||MEDIUM
EPSS-0.45% / 36.35%
||
7 Day CHG~0.00%
Published-30 Jun, 2023 | 23:20
Updated-26 Nov, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.

Action-Not Available
Vendor-braveBrave Software
Product-browserBrave Browser Android
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-56697
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 8.90%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 21:04
Updated-25 Jun, 2026 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nuxt - Open Redirect via Protocol-Relative Paths in reloadNuxtApp

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the current page protocol. Attackers can inject paths like //evil.com to redirect users to attacker-controlled hosts, enabling phishing and OAuth authorization-code theft.

Action-Not Available
Vendor-nuxtNuxt
Product-nuxtNuxt
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-55892
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.23% / 14.16%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 20:01
Updated-26 Aug, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential Open Redirect via Parsing Differences in TYPO3

TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-TYPO3 Association
Product-typo3typo3
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-56326
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 10.56%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 21:04
Updated-25 Jun, 2026 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nuxt - Server-Side Open Redirect via Path-Normalization Bypass in navigateTo

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass external-host checks using path-normalization techniques to redirect users to attacker-controlled sites via the Location header or meta-refresh, enabling phishing and OAuth authorization-code theft.

Action-Not Available
Vendor-nuxtNuxt
Product-nuxtNuxt
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-28069
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 34.68%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 07:41
Updated-10 Feb, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

Action-Not Available
Vendor-Dell Inc.
Product-streaming_data_platformStreaming Data Platform
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-55431
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.34% / 25.78%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 00:10
Updated-08 Jul, 2026 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `coder open app` opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the `$SESSION_TOKEN` placeholder the CLI replaces it with the user's real session token before handing the URL to the OS open handler. Practical exploitation requires the victim to run `coder open app` against a workspace whose external app definition the attacker controls. Only a malicious template author can control external app URLs. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 applies a URL-scheme allowlist in the CLI and limits `$SESSION_TOKEN` substitution to trusted destinations like the web frontend. As a workaround, avoid running `coder open app` for untrusted workspaces.

Action-Not Available
Vendor-codercoder
Product-codercoder
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-56734
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.9||HIGH
EPSS-0.39% / 31.06%
||
7 Day CHG~0.00%
Published-30 Dec, 2024 | 16:48
Updated-20 Oct, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint

Better Auth is an authentication library for TypeScript. An open redirect vulnerability has been identified in the verify email endpoint of all versions of Better Auth prior to v1.1.6, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on email verification links generated by the library. The verify email callback endpoint accepts a `callbackURL` parameter. Unlike other verification methods, email verification only uses JWT to verify and redirect without proper validation of the target domain. The origin checker is bypassed in this scenario because it only checks for `POST` requests. An attacker can manipulate this parameter to redirect users to arbitrary URLs controlled by the attacker. Version 1.1.6 contains a patch for the issue.

Action-Not Available
Vendor-better-authbetter-auth
Product-better_authbetter-auth
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-55590
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.28% / 19.96%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 18:55
Updated-13 Jul, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CakePHP: Open redirect weakness via backslash bypass

CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect() method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the redirect query string parameter. This issue is fixed in versions 2.11.1, 3.3.6, and 4.1.1.

Action-Not Available
Vendor-cakephpcakephp
Product-cakephpauthentication
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-28628
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.55% / 42.45%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 20:20
Updated-19 Feb, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`authority-regex` returns the wrong authority in lambdaisland/uri

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 `authority-regex` allows an attacker to send malicious URLs to be parsed by the `lambdaisland/uri` and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in question doesn't handle the backslash (`\`) character in the username correctly, leading to a wrong output. ex. a payload of `https://example.com\\@google.com` would return that the host is `google.com`, but the correct host should be `example.com`. Given that the library returns the wrong authority this may be abused to bypass host restrictions depending on how the library is used in an application. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-lambdaislandlambdaisland
Product-uriuri
CWE ID-CWE-706
Use of Incorrectly-Resolved Name or Reference
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-54276
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.18% / 7.51%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 16:36
Updated-30 Jun, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to be able to execute. Further, the attacker is only receiving the digest, so should only be able to extract the user's credentials if the cryptography is weak or there is some kind of password reuse. This vulnerability is fixed in 3.14.1.

Action-Not Available
Vendor-aiohttpaio-libs
Product-aiohttpaiohttp
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-14830
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-3.31% / 87.19%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 20:15
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app").

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-28786
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-3.7||LOW
EPSS-0.36% / 27.82%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 09:46
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Solid Security Plugin <= 8.1.4 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4.

Action-Not Available
Vendor-SolidWP (iThemes)
Product-solid_securitySolid Security – Password, Two Factor Authentication, and Brute Force Protection
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-54051
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-0.44% / 35.91%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 20:42
Updated-15 Jan, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Connect | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-connectAdobe Connect
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-14831
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.81% / 52.80%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 20:19
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-5467
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 24.51%
||
7 Day CHG~0.00%
Published-03 Apr, 2026 | 11:45
Updated-09 Apr, 2026 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Casdoor OAuth Authorization Request redirect

A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-casbinn/a
Product-casdoorCasdoor
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-54957
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.55% / 42.38%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 00:00
Updated-07 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without their consent.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-nagios_xin/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-22098
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-6.1||MEDIUM
EPSS-0.71% / 49.44%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 20:49
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims’ accounts in certain cases along with redirection of UAA users to a malicious sites.

Action-Not Available
Vendor-n/aCloud Foundry
Product-user_account_and_authenticationcf-deploymentUAA server
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-50089
Matching Score-4
Assigner-44488dab-36db-4358-99f9-bc116477f914
ShareView Details
Matching Score-4
Assigner-44488dab-36db-4358-99f9-bc116477f914
CVSS Score-6.1||MEDIUM
EPSS-0.18% / 7.96%
||
7 Day CHG+0.04%
Published-12 Jun, 2026 | 15:02
Updated-09 Jul, 2026 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Aqara IAM/SSO Gateway open redirect

The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which can be used to set up a phishing attack.

Action-Not Available
Vendor-aqaraAqara
Product-iam\/sso_gatewayAqara IAM/SSO Gateway
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-27143
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.32% / 24.45%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 22:16
Updated-28 Feb, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Beter Auth has an Open Redirect via Scheme-Less Callback Parameter

Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While the server blocks fully qualified URLs, it incorrectly allows scheme-less URLs. This results in the browser interpreting the URL as a fully qualified URL, leading to unintended redirection. An attacker can exploit this flaw by crafting a malicious verification link and tricking users into clicking it. Upon successful email verification, the user will be automatically redirected to the attacker's website, which can be used for phishing, malware distribution, or stealing sensitive authentication tokens. This CVE is a bypass of the fix for GHSA-8jhw-6pjj-8723/CVE-2024-56734. Version 1.1.21 contains an updated patch.

Action-Not Available
Vendor-better-authbetter-auth
Product-better_authbetter-auth
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-49380
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-3.1||LOW
EPSS-0.16% / 5.98%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 18:15
Updated-02 Jun, 2026 | 12:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-21491
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.7||MEDIUM
EPSS-0.67% / 47.66%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 14:11
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

Action-Not Available
Vendor-SAP SE
Product-netweaver_application_server_javaSAP NetWeaver Application Server Java (Applications based on Web Dynpro Java)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-20789
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.87% / 54.75%
||
7 Day CHG~0.00%
Published-28 Jul, 2021 | 00:45
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack via a specially crafted URL.

Action-Not Available
Vendor-groupsessionJapan Total System Co.,Ltd.
Product-groupsessiongroupsession_bycloudgroupsession_zionGroupSession
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-21338
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-1.10% / 62.04%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 01:45
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirection in Login Handling

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.

Action-Not Available
Vendor-TYPO3 Association
Product-typo3TYPO3.CMS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-20806
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.79% / 52.26%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 08:31
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-Cybozu, Inc.
Product-remote_service_managerCybozu Remote Service
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-20875
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.82% / 53.12%
||
7 Day CHG~0.00%
Published-24 Dec, 2021 | 06:30
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user to access a specially crafted URL.

Action-Not Available
Vendor-groupsessionJapan Total System Co.,Ltd.
Product-groupsessionGroupSession Free edition, GroupSession byCloud, GroupSession ZION
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-20105
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.74% / 50.57%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 15:37
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.

Action-Not Available
Vendor-machformn/a
Product-machformAppNitro Machform
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-25829
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.49% / 38.77%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 16:00
Updated-10 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BUG-000155001 - Unvalidated redirect in Portal for ArcGIS.

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgisPortal for ArcGIS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-20031
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-6.1||MEDIUM
EPSS-13.04% / 95.90%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 22:55
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670tz500wnsa_3700sonicosnsa_2700nssp_15700nsa_6700tz300nsa_9250tz400tz350wnsa_9450nsv_25tz300wnsa_6650nsv_100nssp_12800nssp_13700nsa_4650nsa_2650tz400wtz470tz570nssp_12400supermassive_e10200tz600psupermassive_e10800soho_250nsa_3650supermassive_e10400nsv_270nsv_200nsv_50nsv_470nsa_4700nsv_400tz270wnsv_1600tz600supermassive_9800tz570wtz300ptz350supermassive_9600tz570pnsv_800supermassive_9200tz370nsv_300tz470wsupermassive_9400nsv_10tz370wnsa_5650nsv_870tz500soho_250wtz270nsa_9650SonicOS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-1629
Matching Score-4
Assigner-Salesforce, Inc.
ShareView Details
Matching Score-4
Assigner-Salesforce, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.34% / 68.05%
||
7 Day CHG~0.00%
Published-26 Mar, 2021 | 16:20
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.

Action-Not Available
Vendor-tableaun/aLinux Kernel Organization, IncMicrosoft Corporation
Product-windowstableau_serverlinux_kernelTableau
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-24735
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.08% / 61.31%
||
7 Day CHG~0.00%
Published-06 Mar, 2023 | 00:00
Updated-02 Aug, 2024 | 11:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL.

Action-Not Available
Vendor-sigbn/a
Product-pmbn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-24330
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.60% / 44.70%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2010-4266
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.58% / 43.88%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 13:38
Updated-07 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.

Action-Not Available
Vendor-vanillaforumsn/a
Product-vanilla_forumsvanilla forums
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-24044
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.16% / 80.14%
||
7 Day CHG~0.00%
Published-22 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."

Action-Not Available
Vendor-n/aPlesk (WebPros International GmbH)
Product-obsidiann/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 16
  • 17
  • Next
Details not found