Total: 962 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-23442 | | | 2024-06-17 | N/A | 6.1 MEDIUM | An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
CVE-2024-34065 | | | 2024-06-13 | N/A | 7.1 HIGH | Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, it is possible for an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage the two vulnerabilities to obtain a 3rd party token and bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch.
CVE-2024-22244 | | | 2024-06-11 | N/A | 4.3 MEDIUM | Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site.
CVE-2024-36419 | | | 2024-06-11 | N/A | 4.3 MEDIUM | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the `/legacy` route. Version 8.6.1 contains a patch for the issue.
CVE-2024-36406 | | | 2024-06-10 | N/A | 5.4 MEDIUM | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open redirect. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-23664 | | | 2024-06-03 | N/A | 6.1 MEDIUM | A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to redirect users to an arbitrary website via a crafted URL.
CVE-2023-24892 | 1 Microsoft | 1 Edge Chromium | 2024-05-29 | N/A | 8.2 HIGH | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
CVE-2023-23395 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-05-29 | N/A | 3.1 LOW | Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-24935 | 1 Microsoft | 1 Edge Chromium | 2024-05-29 | N/A | 6.1 MEDIUM | Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-34071 | | | 2024-05-21 | N/A | 6.1 MEDIUM | Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected, so it requires the user to be signed into backoffice before the vulnerability is exposed. This vulnerability has been patched in version(s) 8.18.14, 10.8.6, 12.3.10 and 13.3.1.
CVE-2024-0781 | 1 Martmbithi | 1 Internet Banking System | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM | A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input `<meta http-equiv="refresh" content="0; url=https://vuldb.com" />` leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability.
CVE-2024-0545 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2024-05-17 | 5.0 MEDIUM | 6.1 MEDIUM | A vulnerability classified as problematic was found in CodeCanyon RISE Rise Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250714 is the identifier assigned to this vulnerability.
CVE-2023-4965 | 1 Phpipam | 1 Phpipam | 2024-05-17 | 3.3 LOW | 4.8 MEDIUM | A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732.
CVE-2023-3684 | 1 Livelyworks | 1 Articart | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM | A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack may be launched remotely. VDB-234230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-24044 | 1 Plesk | 1 Obsidian | 2024-05-17 | N/A | 6.1 MEDIUM | A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."
CVE-2022-4589 | 1 Django Terms And Conditions Project | 1 Django Terms And Conditions | 2024-05-17 | N/A | 6.1 MEDIUM | A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.10 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175.
CVE-2021-28861 | 2 Fedoraproject, Python | 2 Fedora, Python | 2024-05-17 | N/A | 7.4 HIGH | Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of the URI path, which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
CVE-2020-36665 | 1 Seotool Project | 1 Seotool | 2024-05-17 | 5.2 MEDIUM | 6.1 MEDIUM | A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The identifier of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability.
CVE-2020-36664 | 1 Seotool Project | 1 Seotool | 2024-05-17 | 5.2 MEDIUM | 6.1 MEDIUM | A vulnerability has been found in Artesãos SEOTools up to 0.17.1 and classified as problematic. This vulnerability affects the function setTitle of the file SEOMeta.php. The manipulation of the argument title leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222232.
CVE-2020-36663 | 1 Seotool Project | 1 Seotool | 2024-05-17 | 5.2 MEDIUM | 6.1 MEDIUM | A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The patch is named ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231.