Total
1153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1774 | 1 Diagrams | 1 Drawio | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. | |||||
| CVE-2022-1702 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability. | |||||
| CVE-2022-1254 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy. | |||||
| CVE-2022-1233 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11. | |||||
| CVE-2022-1230 | 1 Samsung | 2 Galaxy S21, Galaxy S21 Firmware | 2024-11-21 | N/A | 3.9 LOW |
| This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user. Was ZDI-CAN-15918. | |||||
| CVE-2022-1058 | 1 Gitea | 1 Gitea | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. | |||||
| CVE-2022-1019 | 1 Automatedlogic | 1 Webctrl Server | 2024-11-21 | 5.8 MEDIUM | 5.2 MEDIUM |
| Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file. | |||||
| CVE-2022-0869 | 1 Spirit-project | 1 Spirit | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. | |||||
| CVE-2022-0868 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. | |||||
| CVE-2022-0697 | 1 Archivy Project | 1 Archivy | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. | |||||
| CVE-2022-0692 | 1 Alltube Project | 1 Alltube | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. | |||||
| CVE-2022-0645 | 1 Posthog | 1 Posthog | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1. | |||||
| CVE-2022-0597 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0560 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0283 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL. | |||||
| CVE-2022-0165 | 1 King-theme | 1 Kingcomposer | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users | |||||
| CVE-2022-0122 | 1 Digitalbazaar | 1 Forge | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| forge is vulnerable to URL Redirection to Untrusted Site | |||||
| CVE-2021-4348 | 1 Createit | 1 Ultimate Gdpr \& Ccpa Compliance Toolkit | 2024-11-21 | N/A | 7.5 HIGH |
| The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks such as redirecting visitors to malicious sites. | |||||
| CVE-2021-4260 | 1 Oils-js Project | 1 Oils-js | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in oils-js. It has been declared as critical. This vulnerability affects unknown code of the file core/Web.js. The manipulation leads to open redirect. The attack can be initiated remotely. The name of the patch is fad8fbae824a7d367dacb90d56cb02c5cb999d42. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216268. | |||||
| CVE-2021-4000 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| showdoc is vulnerable to URL Redirection to Untrusted Site | |||||