Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2022-03-04 CVE-2021-46379 Open Redirect vulnerability in Dlink Dir-850L Firmware 1.08Trb03
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.
network
low complexity
dlink CWE-601
6.1
2022-03-02 CVE-2021-3654 Open Redirect vulnerability in multiple products
A vulnerability was found in openstack-nova's console proxy, noVNC.
network
low complexity
openstack redhat CWE-601
6.1
2022-02-28 CVE-2022-26156 Open Redirect vulnerability in Cherwell Service Management 10.2.3
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3.
network
low complexity
cherwell CWE-601
6.1
2022-02-28 CVE-2022-26158 Open Redirect vulnerability in Cherwell Service Management 10.2.3
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3.
network
low complexity
cherwell CWE-601
6.1
2022-02-25 CVE-2021-23495 Open Redirect vulnerability in Karma Project Karma
The package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query parameter.
network
low complexity
karma-project CWE-601
6.1
2022-02-25 CVE-2022-24330 Open Redirect vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
network
low complexity
jetbrains CWE-601
6.1
2022-02-24 CVE-2021-29217 Open Redirect vulnerability in HPE Oneview Global Dashboard
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5.
network
low complexity
hpe CWE-601
6.1
2022-02-15 CVE-2022-25196 Open Redirect vulnerability in Jenkins Gitlab Authentication
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.
network
low complexity
jenkins CWE-601
5.4
2022-02-11 CVE-2021-46366 Open Redirect vulnerability in Magnolia-Cms Magnolia CMS
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
network
low complexity
magnolia-cms CWE-601
8.8
2022-02-09 CVE-2022-23102 Open Redirect vulnerability in Siemens Sinema Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0).
network
low complexity
siemens CWE-601
6.1