Export limit exceeded: 363222 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1570 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56972 | 2026-04-15 | 6.5 Medium | ||
| An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2025-62428 | 1 Drawing-captcha | 1 Drawing-captcha | 2026-04-15 | N/A |
| Drawing-Captcha APP provides interactive, engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm-email endpoints. It allows an attacker to manipulate the Host header in HTTP requests to generate malicious email confirmation links. These links can redirect users to attacker-controlled domains. This vulnerability affects all users relying on email confirmation for account registration or verification. This vulnerability is fixed in 1.2.5-alpha-patch. | ||||
| CVE-2025-64481 | 1 Datasette | 1 Datasette | 2026-04-15 | N/A |
| Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar. This problem has been patched in both Datasette 0.65.2 and 1.0a21. To workaround this issue, if Datasette is running behind a proxy, that proxy could be configured to replace // with / in incoming request URLs. | ||||
| CVE-2025-67585 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in flexmls Flexmls® IDX flexmls-idx allows Phishing.This issue affects Flexmls® IDX: from n/a through <= 3.15.7. | ||||
| CVE-2024-45979 | 1 Lpc | 1 Lines Police Cad | 2026-04-15 | 8.8 High |
| A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts. | ||||
| CVE-2024-22243 | 1 Redhat | 1 Jboss Fuse | 2026-04-15 | 8.1 High |
| Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. | ||||
| CVE-2024-1227 | 1 Rejetto | 1 Http File Server | 2026-04-15 | 6.5 Medium |
| An open redirect vulnerability, the exploitation of which could allow an attacker to create a custom URL and redirect a legitimate page to a malicious site. | ||||
| CVE-2025-7777 | 1 Redhat | 1 Mirror Registry | 2026-04-15 | 6.5 Medium |
| The mirror-registry doesn't properly sanitize the host header HTTP header in HTTP request received, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing campaigns. | ||||
| CVE-2025-24868 | 2026-04-15 | 7.1 High | ||
| The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirect URL validation. On successful exploitation attacker can cause limited impact on confidentiality, integrity, and availability of the system. | ||||
| CVE-2024-28287 | 2026-04-15 | 7.3 High | ||
| A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL. | ||||
| CVE-2024-56968 | 2026-04-15 | 6.5 Medium | ||
| An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload. | ||||
| CVE-2025-22227 | 2026-04-15 | 6.1 Medium | ||
| In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. | ||||
| CVE-2024-25657 | 1 Avsystem | 1 Unified Management Platform | 2026-04-15 | 5.4 Medium |
| An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites. | ||||
| CVE-2025-13819 | 1 Mir | 2 Fleet, Robot | 2026-04-15 | 6.1 Medium |
| Open redirect in the web server component of MiR Robot and Fleet software allows a remote attacker to redirect users to arbitrary external websites via a crafted parameter, facilitating phishing or social engineering attacks. | ||||
| CVE-2025-62716 | 1 Makeplane | 1 Plane | 2026-04-15 | 8.1 High |
| Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to supply arbitrary schemes (e.g., javascript:) that are passed directly to router.push. This results in a cross-site scripting (XSS) vulnerability, enabling attackers to execute arbitrary JavaScript in the victim’s browser. The issue can be exploited without authentication and has severe impact, including information disclosure, and privilege escalation and modifications of administrative settings. This issue has been patched in version 1.1.0. | ||||
| CVE-2025-8737 | 1 Microservices-platform Project | 1 Microservices-platform | 2026-04-15 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in zlt2000 microservices-platform up to 6.0.0. This affects the function onLogoutSuccess of the file src/main/java/com/central/oauth/handler/OauthLogoutSuccessHandler.java. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-43236 | 2026-04-15 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Easy PayPal Buy Now Button.This issue affects Easy PayPal Buy Now Button: from n/a through 1.9. | ||||
| CVE-2025-23086 | 2026-04-15 | 6.1 Medium | ||
| On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect. | ||||
| CVE-2025-10355 | 1 Molgenis | 1 Emx2 | 2026-04-15 | N/A |
| Open redirection vulnerability in MOLGENIS EMX2 v11.14.0. This vulnerability allows an attacker to create a malicious URL using a manipulated redirection parameter, potentially leading users to phishing sites or other malicious destinations via “/%2f%2f<MALICIOUS_DOMAIN>”. | ||||
| CVE-2024-12990 | 1 Ruifang-tech | 1 Rebuild | 2026-04-15 | 4.3 Medium |
| A vulnerability was found in ruifang-tech Rebuild 3.8.6. It has been classified as problematic. This affects an unknown part of the file /user/admin-verify of the component Admin Verification Page. The manipulation of the argument nexturl with the input http://localhost/evil.html leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||