Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-41479 |
|
Open Redirect in authlib (CVE-2026-41479)
vulnerability in authlib (CVE-2026-41479). Risk of unauthorized operations or information disclosure. Exploitable via ``redirect_uri``. Mitigation: upgrade to `1.7.1` or later.
|
| CVE-2026-11502 |
|
Open Redirect in CVE-2026-11502 (CVE-2026-11502)
vulnerability in CVE-2026-11502 (CVE-2026-11502). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11477 |
|
Open Redirect in CVE-2026-11477 (CVE-2026-11477)
vulnerability in CVE-2026-11477 (CVE-2026-11477). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47377 |
|
Open Redirect in nocodb (CVE-2026-47377)
vulnerability in nocodb (CVE-2026-47377). Risk of unauthorized operations or information disclosure. Exploitable via ``hashRedirect``. Mitigation: upgrade to `2026.04.1` or later.
|
| CVE-2026-21826 |
|
Open Redirect in hcltech (CVE-2026-21826)
vulnerability in hcltech (CVE-2026-21826). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`.
|
| CVE-2026-10861 |
|
Open Redirect in misp (CVE-2026-10861)
vulnerability in misp (CVE-2026-10861). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10856 |
|
Open Redirect in misp (CVE-2026-10856)
vulnerability in misp (CVE-2026-10856). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44889 |
|
Open Redirect in webob (CVE-2026-44889)
vulnerability in webob (CVE-2026-44889). Risk of unauthorized operations or information disclosure. Exploitable via ``urllib.parse``. Mitigation: upgrade to `1.8.10` or later.
|
| CVE-2026-43924 |
|
Open Redirect in CVE-2026-43924 (CVE-2026-43924)
vulnerability in CVE-2026-43924 (CVE-2026-43924). Risk of unauthorized operations or information disclosure. Exploitable via ``extension_meta``.
|
| CVE-2026-41569 |
|
Open Redirect in authentik (CVE-2026-41569)
vulnerability in authentik (CVE-2026-41569). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.2.3` or later.
|
| CVE-2026-40181 |
|
Open Redirect in react-router (CVE-2026-40181)
vulnerability in react-router (CVE-2026-40181). Risk of unauthorized operations or information disclosure. Exploitable via ``redirect``. Mitigation: upgrade to `6.30.4` or later.
|
| CVE-2026-45278 |
|
Open Redirect in CVE-2026-45278 (CVE-2026-45278)
vulnerability in CVE-2026-45278 (CVE-2026-45278). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40961 |
|
Open Redirect in airflow (CVE-2026-40961)
vulnerability in airflow (CVE-2026-40961). Risk of unauthorized operations or information disclosure. Exploitable via ``is_safe_url``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-49380 |
|
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
|
| CVE-2026-45307 |
|
Open Redirect in CVE-2026-45307 (CVE-2026-45307)
vulnerability in CVE-2026-45307 (CVE-2026-45307). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.8.20-alpha` or later.
|
| CVE-2026-45335 |
|
Open Redirect in CVE-2026-45335 (CVE-2026-45335)
vulnerability in CVE-2026-45335 (CVE-2026-45335). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-49059 |
|
Open Redirect in CVE-2026-49059 (CVE-2026-49059)
vulnerability in CVE-2026-49059 (CVE-2026-49059). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48924 |
|
Open Redirect in org.jenkins-ci.plugins:bitbucket-oauth (CVE-2026-48924)
vulnerability in org.jenkins-ci.plugins:bitbucket-oauth (CVE-2026-48924). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.18` or later.
|
| CVE-2026-48589 |
|
Open Redirect in apache (CVE-2026-48589)
vulnerability in apache (CVE-2026-48589). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`.
|
| CVE-2026-44598 |
|
Open Redirect in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598)
vulnerability in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-alpha-2` or later.
|
| CVE-2026-48832 |
|
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.
|
| CVE-2026-47070 |
|
Open Redirect in hackney (CVE-2026-47070)
vulnerability in hackney (CVE-2026-47070). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-46616 |
|
Open Redirect in Umbraco.Cms (CVE-2026-46616)
vulnerability in Umbraco.Cms (CVE-2026-46616). Risk of unauthorized operations or information disclosure. Exploitable via ``UmbLoginStatusController``. Mitigation: upgrade to `17.4.0` or later.
|
| CVE-2026-2813 |
|
Open Redirect in esri (CVE-2026-2813)
vulnerability in esri (CVE-2026-2813). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7504 |
|
Open Redirect in org.keycloak:keycloak-services (CVE-2026-7504)
vulnerability in org.keycloak:keycloak-services (CVE-2026-7504). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.2` or later.
|
| CVE-2026-45037 |
|
Vulnerability in tabby (CVE-2026-45037)
vulnerability in tabby (CVE-2026-45037). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.232` or later.
|
| CVE-2026-42207 |
|
Open Redirect in openmage/magento-lts (CVE-2026-42207)
vulnerability in openmage/magento-lts (CVE-2026-42207). Risk of unauthorized operations or information disclosure. Exploitable via `GET /productalert/add/stock/`. Mitigation: upgrade to `20.18.0` or later.
|
| CVE-2025-65954 |
|
Open Redirect in simplesamlphp/simplesamlphp-module-casserver (CVE-2025-65954)
vulnerability in simplesamlphp/simplesamlphp-module-casserver (CVE-2025-65954). Risk of unauthorized operations or information disclosure. Exploitable via ``url``. Mitigation: upgrade to `6.3.1` or later.
|
| CVE-2026-44520 |
|
Open Redirect in docling-graph (CVE-2026-44520)
vulnerability in docling-graph (CVE-2026-44520). Confidential information can be exposed externally. Exploitable via ``URLInputHandler``. Mitigation: upgrade to `1.5.1` or later.
|
| CVE-2026-45448 |
|
CWE-601 URL redirection to untrusted site ('open redirect')
CWE-601 URL redirection to untrusted site ('open redirect')
|
| CVE-2026-44503 |
|
Open Redirect in com.microsoft.kiota:microsoft-kiota-abstractions (CVE-2026-44503)
vulnerability in com.microsoft.kiota:microsoft-kiota-abstractions (CVE-2026-44503). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-44437 |
|
Path Traversal in @angular/ssr (CVE-2026-44437)
path traversal in @angular/ssr (CVE-2026-44437). Risk of unauthorized operations or information disclosure. Exploitable via ``redirectTo``. Mitigation: upgrade to `19.2.25` or later.
|
| CVE-2026-45055 |
|
Vulnerability in CVE-2026-45055 (CVE-2026-45055)
vulnerability in CVE-2026-45055 (CVE-2026-45055). Confidential information can be exposed externally. Exploitable via `POST /index.php`. Mitigation: upgrade to `6.7.2` or later.
|
| CVE-2026-44372 |
|
Open Redirect in nitro (CVE-2026-44372)
vulnerability in nitro (CVE-2026-44372). Risk of unauthorized operations or information disclosure. Exploitable via `GET /legacy//evil.com`. Mitigation: upgrade to `3.0.260429-beta` or later.
|
| CVE-2026-44681 |
|
Open Redirect in authlib (CVE-2026-44681)
vulnerability in authlib (CVE-2026-44681). Risk of unauthorized operations or information disclosure. Exploitable via `GET /oauth/authorize`. Mitigation: upgrade to `3be08468` or later.
|
| CVE-2026-41513 |
|
Open Redirect in CVE-2026-41513 (CVE-2026-41513)
vulnerability in CVE-2026-41513 (CVE-2026-41513). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42565 |
|
Open Redirect in @workos/authkit-session (CVE-2026-42565)
vulnerability in @workos/authkit-session (CVE-2026-42565). Risk of unauthorized operations or information disclosure. Exploitable via ``AuthService.handleCallback``. Mitigation: upgrade to `0.5.1` or later.
|
| CVE-2026-44833 |
|
Open Redirect in snipe/snipe-it (CVE-2026-44833)
vulnerability in snipe/snipe-it (CVE-2026-44833). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `8.4.1` or later.
|
| CVE-2026-42350 |
|
Open Redirect in CVE-2026-42350 (CVE-2026-42350)
vulnerability in CVE-2026-42350 (CVE-2026-42350). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42195 |
|
Information Disclosure in CVE-2026-42195 (CVE-2026-42195)
vulnerability in CVE-2026-42195 (CVE-2026-42195). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44427 |
|
Open Redirect in github.com/modelcontextprotocol/registry (CVE-2026-44427)
vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44427). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.5` or later.
|
| CVE-2026-40295 |
|
Open Redirect in devise (CVE-2026-40295)
vulnerability in devise (CVE-2026-40295). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `5.0.4` or later.
|
| CVE-2026-3318 |
|
Open Redirect in CVE-2026-3318 (CVE-2026-3318)
vulnerability in CVE-2026-3318 (CVE-2026-3318). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43941 |
|
Vulnerability in electerm (CVE-2026-43941)
vulnerability in electerm (CVE-2026-43941). Successful exploitation can lead to full system takeover. Exploitable via ``shell.openExternal``.
|
| CVE-2026-42259 |
|
Open Redirect in @saltcorn/server (CVE-2026-42259)
vulnerability in @saltcorn/server (CVE-2026-42259). Risk of unauthorized operations or information disclosure. Exploitable via ``dest``. Mitigation: upgrade to `1.6.0-beta.5` or later.
|
| CVE-2026-35253 |
|
Open Redirect in oracle (CVE-2026-35253)
vulnerability in oracle (CVE-2026-35253). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61669 |
|
Open Redirect in jupyter-server (CVE-2025-61669)
vulnerability in jupyter-server (CVE-2025-61669). Risk of unauthorized operations or information disclosure. Exploitable via ``google.com``. Mitigation: upgrade to `2.18.0` or later.
|
| CVE-2026-34257 |
|
Open Redirect in sap (CVE-2026-34257)
vulnerability in sap (CVE-2026-34257). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35404 |
|
Open Redirect in openedx (CVE-2026-35404)
vulnerability in openedx (CVE-2026-35404). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3872 |
|
Open Redirect in redhat (CVE-2026-3872)
vulnerability in redhat (CVE-2026-3872). Confidential information can be exposed externally.
|