55 matches found
CVE-2026-40332
Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...
CVE-2026-28413
Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a url /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...
CVE-2019-18781
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site...
CVE-2025-20382
CVE-2025-20382 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power role) can create a views dashboard with a custom background via the data:image/png;base64 protocol, potentially causing an unvalidated redirect. This bypasses the external URL warning mechan...
CVE-2025-53072
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-22 04:33:55+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3m3qzdj5an22i |
| 2025-10-22 07:21:45+00:00 | seen | https://poliverso.org/objects/0477a01e-736b48f2-6409a361f7d72e52 |
| 2025-10-22 07:25:50+00:00 | seen | ... |
UBUNTU-CVE-2024-8647
An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled...
GitLab path traversal vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A path traversal vulnerability exists in GitLab, which stems from the...
Chatwork security vulnerability
Chatwork is a business group chat application from Chatwork, Inc. A security vulnerability exists in Chatwork versions prior to 2.9.2, which stems from the use of potentially dangerous functions that, if a user clicks on a specially constructed link in the application, could download and execute...
GHSA-VP8P-C6XJ-XPJ7 Silverstripe External redirection risk in Security?ReturnURL
A vulnerability has been found in the SilverStripe framework where a login url can be potentially redirected to an external site. For example, the url http://www.my-silverstripe-site.com/Security/login?BackURL=/\attacker-site.com will redirect successful logins to the page http://attacker-site.co...
PT-2024-40483 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: SilverStripe framework, affected versions not specified. Description: An issue has been found in the SilverStripe framework where a login URL can be potentially redirected to an external site. For instance, a URL like...
CVE-2023-28020
URL redirection in Login page in HCL BigFix WebUI allows a malicious user to redirect the client browser to an external site via redirect URL response header...
Xxe
URL redirection in Login page in HCL BigFix WebUI allows a malicious user to redirect the client browser to an external site via redirect URL response header...
Tauri input validation error vulnerability
Tauri is an open source framework for building smaller, faster, and more secure desktop applications using a web front end. An input validation error vulnerability exists in Tauri versions 1.0.0 through 1.0.9, 1.1.0 through 1.1.4, and 1.2.0 through 1.2, which stems from the fact that isolation can be...
Drupal external link injection vulnerability
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...
GHSA-WM86-W3CF-H6VM Drupal external link injection vulnerability
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...
Xxe
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible...
CVE-2022-24330
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible...
CVE-2022-24330
CVE-2022-24330 concerns JetBrains TeamCity prior to 2021.2.1, where a redirect to an external site could occur. The issue is documented across multiple sources (NVD entry and Red Hat/CNVD variants) with the same description: a redirection vulnerability in TeamCity before 2021.2.1. The JetBrains s...
Open Redirect in Next.js
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/error.js was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly...
GHSA-VXF5-WXWP-M7G9 Open Redirect in Next.js
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/error.js was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly...