Total
1248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5936 | 1 Pribai | 1 Privategpt | 2025-07-17 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerability includes potential phishing attacks, malware distribution, and credential theft. | |||||
| CVE-2024-9308 | 1 Hliu | 1 Llava | 2025-07-15 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft. | |||||
| CVE-2024-10812 | 1 Binary-husky | 1 Gpt Academic | 2025-07-14 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing attacks, distribute malware, and steal user credentials. | |||||
| CVE-2025-27888 | 1 Apache | 1 Druid | 2025-07-14 | N/A | 5.4 MEDIUM |
| Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Druid. This issue affects all previous Druid versions. When using the Druid management proxy, a request that has a specially crafted URL could be used to redirect the request to an arbitrary server instead. This has the potential for XSS or XSRF. The user is required to be authenticated for this exploit. The management proxy is enabled in Druid's out-of-box configuration. It may be disabled to mitigate this vulnerability. If the management proxy is disabled, some web console features will not work properly, but core functionality is unaffected. Users are recommended to upgrade to Druid 31.0.2 or Druid 32.0.1, which fixes the issue. | |||||
| CVE-2024-9387 | 1 Gitlab | 1 Gitlab | 2025-07-11 | N/A | 6.4 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint. | |||||
| CVE-2024-11274 | 1 Gitlab | 1 Gitlab | 2025-07-11 | N/A | 8.7 HIGH |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration. | |||||
| CVE-2024-22854 | 1 Darktrace | 1 Threat Visualizer | 2025-07-11 | N/A | 6.1 MEDIUM |
| DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form. | |||||
| CVE-2024-37656 | 1 Sir | 1 Gnuboard | 2025-07-10 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php. | |||||
| CVE-2024-37657 | 1 Sir | 1 Gnuboard | 2025-07-10 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via thebbs/login.php component. | |||||
| CVE-2024-37658 | 1 Sir | 1 Gnuboard | 2025-07-10 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php. | |||||
| CVE-2025-6701 | 1 Xuxueli | 1 Xxl-sso | 2025-07-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirect_url leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-24381 | 1 Dell | 1 Unity Operating Environment | 2025-07-08 | N/A | 8.8 HIGH |
| Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. Exploitation may allow for session theft. | |||||
| CVE-2025-53535 | 2025-07-08 | N/A | N/A | ||
| Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. This vulnerability is fixed in 1.2.10. | |||||
| CVE-2025-42985 | 2025-07-08 | N/A | 6.1 MEDIUM | ||
| Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim�s browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability. | |||||
| CVE-2025-42981 | 2025-07-08 | N/A | 6.1 MEDIUM | ||
| Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim's browser, redirecting them to a site controlled by the attacker. This allows the attacker to access and/or modify restricted information related to the web client. While the vulnerability poses no impact on data availability, it presents a considerable risk to confidentiality and integrity. | |||||
| CVE-2024-54957 | 1 Nagios | 1 Nagios Xi | 2025-07-07 | N/A | 6.1 MEDIUM |
| Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without their consent. | |||||
| CVE-2025-6428 | 2 Google, Mozilla | 2 Android, Firefox | 2025-07-03 | N/A | 4.3 MEDIUM |
| When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140. | |||||
| CVE-2025-50182 | 2025-06-30 | N/A | 5.3 MEDIUM | ||
| urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0. | |||||
| CVE-2024-24818 | 1 Espocrm | 1 Espocrm | 2025-06-27 | N/A | 5.9 MEDIUM |
| EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2. | |||||
| CVE-2025-6286 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-06-26 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in PHPGurukul COVID19 Testing Management System 2021. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument q leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||