Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2022-08-29 CVE-2020-26938 Open Redirect vulnerability in Oauth2-Server Project Oauth2-Server
In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection.
network
low complexity
oauth2-server-project CWE-601
7.2
2022-08-29 CVE-2022-27547 Open Redirect vulnerability in Hcltech Domino and HCL Inotes
HCL iNotes is susceptible to a link to non-existent domain vulnerability.
network
low complexity
hcltech CWE-601
7.4
2022-08-23 CVE-2021-28861 Open Redirect vulnerability in multiple products
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure.
network
low complexity
python fedoraproject CWE-601
7.4
2022-08-16 CVE-2022-25799 Open Redirect vulnerability in Cert Vince 1.48.0/1.49.0
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0.
network
low complexity
cert CWE-601
6.1
2022-08-11 CVE-2022-28755 Open Redirect vulnerability in Zoom
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability.
network
low complexity
zoom CWE-601
6.1
2022-08-05 CVE-2022-31657 Open Redirect vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability.
network
low complexity
vmware CWE-601
critical
9.8
2022-08-02 CVE-2021-23385 Open Redirect vulnerability in Flask-Security Project Flask-Security
This affects all versions of package Flask-Security.
network
low complexity
flask-security-project CWE-601
6.1
2022-07-28 CVE-2022-27509 Open Redirect vulnerability in Citrix Application Delivery Controller Firmware and Gateway
Unauthenticated redirection to a malicious website
network
low complexity
citrix CWE-601
6.1
2022-07-26 CVE-2022-30706 Open Redirect vulnerability in Twinkletoessoftware Booked
Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
network
low complexity
twinkletoessoftware CWE-601
6.1
2022-07-25 CVE-2022-35652 Open Redirect vulnerability in multiple products
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature.
network
low complexity
moodle fedoraproject CWE-601
6.1