Total
1334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36419 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.3 Medium |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the `/legacy` route. Version 8.6.1 contains a patch for the issue. | ||||
| CVE-2024-34065 | 1 Strapi | 1 Strapi | 2024-11-21 | 7.1 High |
| Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch. | ||||
| CVE-2024-33930 | 2024-11-21 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ILLID Share This Image.This issue affects Share This Image: from n/a through 1.97. | ||||
| CVE-2024-33584 | 2024-11-21 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Deepen Bajracharya Video Conferencing with Zoom.This issue affects Video Conferencing with Zoom: from n/a through 4.4.4. | ||||
| CVE-2024-32129 | 2024-11-21 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Freshworks Freshdesk (official).This issue affects Freshdesk (official): from n/a through 2.3.6. | ||||
| CVE-2024-31135 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.1 Medium |
| In JetBrains TeamCity before 2024.03 open redirect was possible on the login page | ||||
| CVE-2024-28287 | 2024-11-21 | 7.3 High | ||
| A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL. | ||||
| CVE-2024-26504 | 1 Wifire | 1 Hotspot | 2024-11-21 | 8.8 High |
| An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. | ||||
| CVE-2024-24764 | 1 Octobercms | 1 October | 2024-11-21 | 3.5 Low |
| October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15. | ||||
| CVE-2024-23442 | 1 Elastic | 1 Kibana | 2024-11-21 | 6.1 Medium |
| An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | ||||
| CVE-2024-22248 | 2024-11-21 | 7.1 High | ||
| VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | ||||
| CVE-2024-21734 | 1 Sap | 1 Marketing | 2024-11-21 | 3.7 Low |
| SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application. | ||||
| CVE-2024-0953 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.1 Medium |
| When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129. | ||||
| CVE-2024-0319 | 1 Fireeye | 1 Hxtool | 2024-11-21 | 5.4 Medium |
| Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter. | ||||
| CVE-2023-6545 | 1 Beckhoff | 2 Authelia-bhf, Twincat\/bsd | 2024-11-21 | 4.7 Medium |
| The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf the Beckhoff fork of authelia. | ||||
| CVE-2023-6380 | 1 Alkacon | 1 Opencms | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter. | ||||
| CVE-2023-5629 | 1 Schneider-electric | 32 Eb450, Eb450 Firmware, Eb45e and 29 more | 2024-11-21 | 8.2 High |
| A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. | ||||
| CVE-2023-5610 | 1 S-sols | 1 Seraphinite Accelerator | 2024-11-21 | 5.4 Medium |
| The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect | ||||
| CVE-2023-5445 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 5.4 Medium |
| An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server. | ||||
| CVE-2023-5375 | 1 Mosparo | 1 Mosparo | 2024-11-21 | 6.1 Medium |
| Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. | ||||