CWE-601: Open Redirect

This vulnerability allows unauthenticated attackers to craft malicious links that redirect victims to attacker-controlled websites when clicked. It af...

The Export WP Page to Static HTML/CSS WordPress plugin contains an open redirect vulnerability that allows unauthenticated attackers to redirect users...

CVE-2024-2419 is a redirect_uri validation bypass vulnerability in Keycloak that allows attackers to steal access tokens by circumventing host validat...

VMware SD-WAN Orchestrator has an open redirect vulnerability that allows attackers to redirect users to malicious websites. This could lead to sensit...

CVE-2024-2465 is an open redirection vulnerability in the CDeX application that allows attackers to redirect users to malicious websites via crafted U...

This vulnerability in Keycloak's redirect_uri validation logic allows attackers to bypass host restrictions and steal access tokens. Attackers can the...

This CVE describes an open redirect vulnerability in SolarWinds Platform where attackers can manipulate URL parameters to redirect users to malicious ...

This vulnerability in the Windows Mobile Broadband Driver allows remote attackers to execute arbitrary code on affected systems. Attackers could explo...

This vulnerability in SAP NetWeaver ABAP and SAP S/4HANA allows authenticated attackers to modify text data through unauthorized access to a specific ...

CVE-2025-7777 is an open redirect vulnerability in mirror-registry where improper host header sanitization allows attackers to redirect users to malic...

This vulnerability in the Govee Home iOS app allows attackers to access sensitive user information by sending a specially crafted payload. It affects ...

This vulnerability in Shuqi Novel iOS app allows attackers to access sensitive user information by tricking users into clicking a specially crafted li...

This vulnerability in QQMail iOS app allows attackers to access sensitive user information by tricking users into clicking a specially crafted link. I...

This vulnerability in Mashang Consumer Finance Co., Ltd's Anyihua iOS app allows attackers to access sensitive user information by tricking users into...

This vulnerability in WeSing iOS app allows attackers to access sensitive user information by tricking users into clicking a malicious link. It affect...

This vulnerability in Guazi Used Car iOS app allows attackers to access sensitive user information by tricking users into clicking a crafted malicious...

This vulnerability in Qidian Reader iOS app allows attackers to access sensitive user information by tricking users into clicking a specially crafted ...

This vulnerability in BeautyCam iOS app allows attackers to access sensitive user information by tricking users into clicking a crafted malicious link...

This vulnerability in University Search iOS app allows attackers to access sensitive user information by tricking users into clicking a maliciously cr...

This vulnerability in UU Game Booster iOS app allows attackers to access sensitive user information by tricking users into clicking a specially crafte...

This vulnerability in Baidu Input Method for iOS allows attackers to access user information by tricking users into clicking a specially crafted link....

This CVE describes an open redirect vulnerability in GitLab EE that could allow attackers to hijack OAuth flows and potentially take over user account...

This vulnerability allows attackers to create QR codes that spoof Chrome's Lens UI on iOS, potentially tricking users into interacting with malicious ...

This CVE describes an open redirect vulnerability in Akınsoft QR Menü software that allows attackers to redirect users to malicious websites. The vu...

An open redirect vulnerability in Reolink firmware allows attackers to craft URLs that redirect users to malicious websites. This affects users of Reo...

This vulnerability in Sielox AnyWare v2.1.2 allows attackers to redirect users to malicious websites through crafted URLs, enabling man-in-the-middle ...

OpenEMR versions before 8.0.0 contain an open redirect vulnerability in the Eye Exam form module that allows authenticated users to be redirected to a...

CVE-2026-24328 is an open redirect vulnerability in SAP TAF_APPLAUNCHER within Business Server Pages that allows unauthenticated attackers to craft ma...

This CVE describes a reflected cross-site scripting (XSS) vulnerability in BSP applications where unauthenticated attackers can inject malicious scrip...

A host header injection vulnerability in Yokogawa FAST/TOOLS allows attackers to redirect users to malicious websites by manipulating request headers....

The client-certificate-auth middleware for Node.js contains an open redirect vulnerability in versions 0.2.1 and 0.3.0. It unconditionally redirects H...

NocoDB versions before 0.301.0 contain an open redirect vulnerability in the login flow. Attackers can redirect authenticated users to malicious websi...

WeGIA versions before 3.6.2 contain an open redirect vulnerability in the control.php endpoint. Attackers can manipulate the nextPage parameter to red...

This CVE describes an Open Redirect vulnerability in WeGIA web manager for charitable institutions. Attackers can redirect users to malicious external...

This CVE describes an open redirect vulnerability in WeGIA web management software for charitable institutions. Attackers can redirect users to malici...

This open redirect vulnerability in WeGIA allows attackers to redirect users to malicious external websites by manipulating the nextPage parameter. It...

WeGIA versions before 3.6.2 contain an open redirect vulnerability in the control.php endpoint. Attackers can manipulate the nextPage parameter to red...

This CVE describes an open redirect vulnerability (CWE-601) that allows attackers to redirect users to malicious websites. It affects web applications...

An open redirect vulnerability in Blitz Panel v1.17.0 allows attackers to redirect authenticated users to malicious domains via crafted URLs. This aff...

This CVE describes an open redirect vulnerability in the WordPress 'Accept Donations with PayPal' plugin. Attackers can craft malicious URLs that redi...

This CVE describes an open redirect vulnerability in the WordPress User Submitted Posts plugin that allows attackers to redirect users to malicious we...

AVideo versions before 20.1 contain an open redirect vulnerability in the login functionality. Attackers can craft malicious links that redirect users...

AVideo versions before 20.1 contain an open redirect vulnerability in the user registration process. Attackers can manipulate the siteRedirectUri para...

This CVE describes an open redirect vulnerability in the Directorist WordPress plugin that allows attackers to redirect users to malicious websites. A...

KodExplorer 4.52 contains an open redirect vulnerability in the user login page. Attackers can manipulate the 'link' parameter to redirect authenticat...

Miniflux 2 versions 2.2.14 and below contain an open redirect vulnerability that allows attackers to redirect users to malicious websites after login....

Central Dogma versions before 0.78.0 contain an open redirect vulnerability that allows attackers to craft malicious URLs that redirect users to untru...

This CVE describes an open redirect vulnerability in JumpServer's internationalization endpoint. Attackers can craft malicious URLs that redirect user...

A Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests. This can redir...

CVE-2025-42924 is an open redirect vulnerability in SAP S/4HANA's E-Recruiting BSP component that allows unauthenticated attackers to craft malicious ...