CVE-2026-41226
CVE-2026-41226 describes an open redirect vulnerability in Ricoh Web Image Monitor used by multiple laser printers and MFPs. The issue occurs when a user accesses a specially crafted URL, which can redirect to an arbitrary site and potentially enable phishing. The CVE is reflected in multiple sou...
CVE-2026-21741
A URL Redirection to Untrusted Site ('Open Redirect') vulnerability (CWE-601) in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary...
PT-2026-32662
Name of the Vulnerable Software and Affected Versions: FortiNAC-F versions 7.6.0 through 7.6.5; FortiNAC-F 7.4 (affected versions not specified); FortiNAC-F 7.2 (affected versions not specified). Description: An Open Redirect issue exists where a remote privileged attacker with a system administrator role...
CVE-2026-27982
An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL...
CVE-2025-71244
SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...
CVE-2025-64781
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website...
EUVD-2009-1107
Malware in sbrugna...
EUVD-2024-44452
Malicious code in bioql PyPI...
CVE-2025-57879 BUG-000171009 - URL manipulation vulnerability in Portal for ArcGIS.
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks...
CVE-2021-35037
Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may b...
CVE-2023-47179 WordPress WooODT Lite plugin <= 2.4.6 - Arbitrary Site Option Update vulnerability
Missing Authorization vulnerability in mdalabar WooODT Lite (byconsole-woo-order-delivery-time) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooODT Lite: from n/a through 2.4.6...
WordPress plugin Booking & Appointment Plugin for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-43438 Moodle: idor in feedback non-respondents report allows messaging arbitrary site users
A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...
The vulnerability of the Loway QueueMetrics software for analyzing call center efficiency metrics lies in the redirection of URLs to an unreliable website during the loading of the entry page. This allows a hacker to redirect users to any arbitrary URL address.
The vulnerability of the Loway QueueMetrics software for analyzing call center performance metrics is related to the redirection of URLs to an unreliable website during the loading of the login page. Exploiting this vulnerability allows a malicious actor to redirect users to any given URL address...
CVE-2024-46331
ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website via a crafted URL...
Red Hat Keycloak input validation error vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. An input validation error vulnerability exists in Red Hat Keycloak versions prior to 25.0.6, which stems from a configuration error that allows...
CVE-2024-4882
Progress Sitefinity CVE-2024-4882 affects Sitefinity 15.1.8321.0 and earlier, enabling redirects to arbitrary sites via a URL redirect vulnerability. The issue is a user-facing open redirect affecting the application’s navigation flow. Affected component/behavior: redirect handling within Sitefin...
PT-2024-19872 · Kibana +1 · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. Recommendations: At the momen...
CVE-2024-4898
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...
ROS-20240606-08
A vulnerability in the Portainer container management platform is related to the use of open redirection. Exploitation of the vulnerability could allow an attacker to redirect a user to an arbitrary site...