CWE-601: Open Redirect
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect.
All Open Redirect CVEs (263)
Nov 11, 2025: An Open Redirect vulnerability in SAP Business Connector allows unauthenticated attackers to craft malicious URLs that redirect victims to attacker-co...
Nov 7, 2025: An open redirect vulnerability in Red Hat Single Sign-On allows attackers to redirect users to malicious websites during logout. This occurs when the ...
Oct 30, 2025: This CVE describes a DNS rebinding vulnerability in Liferay Portal and DXP that allows attackers to redirect users to malicious external URLs. Affecte...
Oct 30, 2025: This vulnerability allows attackers to redirect authenticated users to malicious external websites via an unvalidated redirect parameter on the login ...
Oct 27, 2025: This open redirect vulnerability in Liferay Portal and DXP allows attackers to redirect authenticated users to malicious external websites by manipula...
Oct 16, 2025: This CVE describes an open redirect vulnerability in Frappe web framework's login page. Attackers can craft malicious URLs that redirect users to arbi...
Oct 2, 2025: CVE-2025-54088 is an open-redirect vulnerability in Secure Access software that allows attackers with console access to redirect victims to malicious ...
Oct 1, 2025: This CVE describes an open redirect vulnerability in Weblate versions 5.13.2 and below when configured with Anubis and REDIRECT_DOMAINS is not set. At...
Sep 29, 2025: An unvalidated redirect vulnerability in Esri Portal for ArcGIS allows attackers to craft malicious URLs that redirect users to arbitrary websites. Th...
Sep 29, 2025: This vulnerability allows remote attackers to create malicious URLs that redirect users to arbitrary websites without validation. It affects unauthent...
Sep 29, 2025: This CVE describes an unvalidated redirect vulnerability in Esri Portal for ArcGIS that allows attackers to craft malicious URLs. When clicked, these ...
Sep 12, 2025: This CVE describes an open redirect vulnerability in Liferay Portal and DXP that allows attackers to redirect users to malicious external websites. Th...
Sep 9, 2025: An open-redirect vulnerability in TYPO3 CMS's GeneralUtility::sanitizeLocalUrl function allows attackers to redirect users to malicious external websi...
Aug 23, 2025: An open redirect vulnerability in Liferay Portal and DXP allows attackers to manipulate the /c/portal/edit_info_item parameter to redirect users to ma...
Aug 8, 2025: Astro web framework versions 5.2.0 through 5.12.7 contain an open redirect vulnerability in trailing slash redirection logic when handling paths with ...
Jul 8, 2025: This CVE describes a URL redirection vulnerability in SAP BusinessObjects Content Administrator Workbench where insufficient URL sanitization allows a...
Jul 7, 2025: An open redirect vulnerability in gnuboard5 v5.5.16 allows attackers to redirect users to malicious websites by exploiting insufficient URL parameter ...
Jul 7, 2025: An open redirect vulnerability in gnuboard5 v5.5.16 allows attackers to redirect users to malicious websites via the bbs/member_confirm.php endpoint. ...
May 21, 2025: This vulnerability allows unauthenticated attackers to redirect WordPress users to malicious websites by exploiting insufficient URL validation in the...
May 15, 2025: This is an open redirect vulnerability in Horilla HRMS that allows attackers to craft URLs that redirect users to external malicious domains after log...
May 15, 2025: The wccp-pro WordPress plugin before version 15.3 contains an open redirect vulnerability via the referrer parameter. This allows attackers to redirec...
May 15, 2025: The Payment Gateway for Telcell WordPress plugin through version 2.0.1 contains an open redirect vulnerability. Attackers can craft malicious URLs tha...
May 1, 2025: This CVE describes an OAuth redirect URI validation vulnerability in the workers-oauth-provider library used in Cloudflare's MCP framework. Attackers ...
Apr 14, 2025: This CVE describes an open redirect vulnerability in Internet Starter, a module of the SoftCOM iKSORIS system. Attackers can manipulate the 'target' p...
Apr 8, 2025: The Advanced Advertising System WordPress plugin has an open redirect vulnerability that allows unauthenticated attackers to redirect users to malicio...
Mar 20, 2025: An open redirect vulnerability in haotian-liu/llava v1.2.0 allows attackers to redirect users to malicious websites via crafted URLs. This affects all...
Mar 20, 2025: An open redirect vulnerability in gradio-app/gradio allows attackers to redirect users to malicious websites using URL encoding. This affects all user...
Mar 20, 2025: An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows attackers to redirect users to malicious websites via cra...
Mar 20, 2025: An open redirect vulnerability in lm-sys/fastchat v0.2.36 allows attackers to redirect users to malicious websites via crafted URLs. This affects all ...
Mar 20, 2025: An open redirect vulnerability in binary-husky/gpt_academic version 3.83 allows attackers to redirect users to malicious websites via the 'file' param...
Feb 28, 2025: CodeChecker web server versions through 6.24.5 contain an open redirect vulnerability that allows attackers to redirect users to malicious websites. T...
Jan 21, 2025: This vulnerability in Oracle JD Edwards EnterpriseOne Tools allows unauthenticated attackers to manipulate or view data by tricking users into interac...
Jan 21, 2025: This CVE describes an Open Redirect vulnerability in WeGIA web management software for charitable institutions. Authenticated users can be tricked int...
Jan 21, 2025: This vulnerability in Brave Browser allows malicious websites to spoof trusted site origins in file upload/download dialogs when combined with open re...
Dec 10, 2024: Adobe Connect versions 12.6, 11.4.7 and earlier contain an open redirect vulnerability (CWE-601) that allows attackers to redirect users to malicious ...
Nov 29, 2024: This vulnerability in Traefik allows attackers to manipulate the X-Forwarded-Prefix header from untrusted sources, potentially enabling URL redirectio...
Nov 15, 2024: An open redirection vulnerability in pyload/pyload version 0.5.0 allows attackers to redirect users to malicious websites by manipulating the 'next' p...
Oct 29, 2024: CVE-2024-25566 is an open-redirect vulnerability in PingAM where attackers can craft requests that bypass URL validation. This allows redirecting user...
Oct 21, 2024: This vulnerability in Public Knowledge Project pkp-lib allows attackers to redirect users to malicious websites after logout due to insufficient input...
Sep 17, 2024: This vulnerability allows attackers to spoof the address bar in Firefox for Android by exploiting an open redirect on a trusted site. When users are r...
Sep 9, 2024: CVE-2024-7260 is an open redirect vulnerability in Keycloak that allows attackers to craft malicious URLs that appear to be legitimate Keycloak pages ...
Sep 9, 2024: WebITR from Uniong has an Open Redirect vulnerability that allows attackers to create malicious URLs that appear legitimate. When users click these li...
Sep 8, 2024: This CVE describes an open redirect vulnerability in Loway software where attackers can redirect users to malicious websites. It affects systems runni...
Sep 3, 2024: This vulnerability allows malicious websites with popup permissions to overlay select elements on top of legitimate sites, enabling UI spoofing attack...
Aug 29, 2024: An open redirect vulnerability in vTiger CRM v7.4.0 allows attackers to craft malicious URLs that redirect users to untrusted external sites. This aff...
Aug 26, 2024: This CVE describes an Open Redirect vulnerability in Gnuboard v6.0.4 and earlier versions. Attackers can manipulate the 'url' parameter in the login p...
Aug 23, 2024: OpenSearch Dashboards Security Plugin versions before 1.3.19 and 2.16.0 have an open redirect vulnerability in the login flow. Attackers can craft mal...
Aug 14, 2024: This vulnerability in WebOb allows attackers to manipulate HTTP redirects by injecting malicious URLs into Location headers, potentially redirecting u...
Jul 15, 2024: The WPS Hide Login WordPress plugin before version 1.9.16.4 fails to properly restrict access to hidden login pages, allowing unauthenticated visitors...
Jun 27, 2024: An open redirect vulnerability in imartinez/privategpt version 0.5.0 allows attackers to redirect users to malicious websites by manipulating the 'fil...
About Open Redirect (CWE-601)
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect.
Our database tracks 263 CVEs classified as CWE-601, with 8 rated critical and 49 rated high severity. The average CVSS score for Open Redirect vulnerabilities is 5.9.
External reference: View CWE-601 on MITRE CWE →