Total
1255 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2252 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. | ||||
| CVE-2022-2250 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.7 Medium |
| An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. | ||||
| CVE-2022-29718 | 1 Caddyserver | 1 Caddy | 2024-11-21 | 6.1 Medium |
| Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | ||||
| CVE-2022-29272 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium |
| In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. | ||||
| CVE-2022-28755 | 1 Zoom | 2 Virtual Desktop Infrastructure, Zoom | 2024-11-21 | 9.6 Critical |
| The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths. | ||||
| CVE-2022-28215 | 1 Sap | 1 Netweaver Abap | 2024-11-21 | 4.7 Medium |
| SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. | ||||
| CVE-2022-27861 | 1 Arscode | 1 Ninja Popups | 2024-11-21 | 4.7 Medium |
| Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions. | ||||
| CVE-2022-27547 | 1 Hcltech | 2 Domino, Hcl Inotes | 2024-11-21 | 6.1 Medium |
| HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc. | ||||
| CVE-2022-27509 | 1 Citrix | 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway | 2024-11-21 | 6.1 Medium |
| Unauthenticated redirection to a malicious website | ||||
| CVE-2022-27463 | 1 Wwbn | 1 Avideo | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page. | ||||
| CVE-2022-27461 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 6.1 Medium |
| In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link. | ||||
| CVE-2022-27256 | 1 Hubzilla | 1 Hubzilla | 2024-11-21 | 6.1 Medium |
| A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. | ||||
| CVE-2022-27110 | 1 Orangehrm | 1 Orangehrm | 2024-11-21 | 5.4 Medium |
| OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint. | ||||
| CVE-2022-27109 | 1 Orangehrm | 1 Orangehrm | 2024-11-21 | 5.4 Medium |
| OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability. | ||||
| CVE-2022-27090 | 1 Chshcms | 1 Cscms | 2024-11-21 | 5.4 Medium |
| Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter. | ||||
| CVE-2022-26950 | 1 Rsa | 1 Archer | 2024-11-21 | 5.4 Medium |
| Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred. | ||||
| CVE-2022-26326 | 1 Microfocus | 1 Netiq Access Manager | 2024-11-21 | 4 Medium |
| Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2 | ||||
| CVE-2022-26158 | 1 Cherwell | 1 Cherwell Service Management | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | ||||
| CVE-2022-26156 | 1 Cherwell | 1 Cherwell Service Management | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server. | ||||
| CVE-2022-25803 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | 6.1 Medium |
| Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. | ||||