Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-601 Clear
ID Title
CVE-2026-41479 Open Redirect in authlib (CVE-2026-41479)
vulnerability in authlib (CVE-2026-41479). Risk of unauthorized operations or information disclosure. Exploitable via ``redirect_uri``. Mitigation: upgrade to `1.7.1` or later.
CVE-2026-11502 Open Redirect in CVE-2026-11502 (CVE-2026-11502)
vulnerability in CVE-2026-11502 (CVE-2026-11502). Risk of unauthorized operations or information disclosure.
CVE-2026-11477 Open Redirect in CVE-2026-11477 (CVE-2026-11477)
vulnerability in CVE-2026-11477 (CVE-2026-11477). Risk of unauthorized operations or information disclosure.
CVE-2026-47377 Open Redirect in nocodb (CVE-2026-47377)
vulnerability in nocodb (CVE-2026-47377). Risk of unauthorized operations or information disclosure. Exploitable via ``hashRedirect``. Mitigation: upgrade to `2026.04.1` or later.
CVE-2026-21826 Open Redirect in hcltech (CVE-2026-21826)
vulnerability in hcltech (CVE-2026-21826). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`.
CVE-2026-10861 Open Redirect in misp (CVE-2026-10861)
vulnerability in misp (CVE-2026-10861). Risk of unauthorized operations or information disclosure.
CVE-2026-10856 Open Redirect in misp (CVE-2026-10856)
vulnerability in misp (CVE-2026-10856). Risk of unauthorized operations or information disclosure.
CVE-2026-44889 Open Redirect in webob (CVE-2026-44889)
vulnerability in webob (CVE-2026-44889). Risk of unauthorized operations or information disclosure. Exploitable via ``urllib.parse``. Mitigation: upgrade to `1.8.10` or later.
CVE-2026-43924 Open Redirect in CVE-2026-43924 (CVE-2026-43924)
vulnerability in CVE-2026-43924 (CVE-2026-43924). Risk of unauthorized operations or information disclosure. Exploitable via ``extension_meta``.
CVE-2026-41569 Open Redirect in authentik (CVE-2026-41569)
vulnerability in authentik (CVE-2026-41569). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.2.3` or later.
CVE-2026-40181 Open Redirect in react-router (CVE-2026-40181)
vulnerability in react-router (CVE-2026-40181). Risk of unauthorized operations or information disclosure. Exploitable via ``redirect``. Mitigation: upgrade to `6.30.4` or later.
CVE-2026-45278 Open Redirect in CVE-2026-45278 (CVE-2026-45278)
vulnerability in CVE-2026-45278 (CVE-2026-45278). Risk of unauthorized operations or information disclosure.
CVE-2026-40961 Open Redirect in airflow (CVE-2026-40961)
vulnerability in airflow (CVE-2026-40961). Risk of unauthorized operations or information disclosure. Exploitable via ``is_safe_url``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-49380 In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
CVE-2026-45307 Open Redirect in CVE-2026-45307 (CVE-2026-45307)
vulnerability in CVE-2026-45307 (CVE-2026-45307). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.8.20-alpha` or later.
CVE-2026-45335 Open Redirect in CVE-2026-45335 (CVE-2026-45335)
vulnerability in CVE-2026-45335 (CVE-2026-45335). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.3` or later.
CVE-2026-49059 Open Redirect in CVE-2026-49059 (CVE-2026-49059)
vulnerability in CVE-2026-49059 (CVE-2026-49059). Risk of unauthorized operations or information disclosure.
CVE-2026-48924 Open Redirect in org.jenkins-ci.plugins:bitbucket-oauth (CVE-2026-48924)
vulnerability in org.jenkins-ci.plugins:bitbucket-oauth (CVE-2026-48924). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.18` or later.
CVE-2026-48589 Open Redirect in apache (CVE-2026-48589)
vulnerability in apache (CVE-2026-48589). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`.
CVE-2026-44598 Open Redirect in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598)
vulnerability in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-alpha-2` or later.
CVE-2026-48832 action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.
CVE-2026-47070 Open Redirect in hackney (CVE-2026-47070)
vulnerability in hackney (CVE-2026-47070). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``. Mitigation: upgrade to `4.0.1` or later.
CVE-2026-46616 Open Redirect in Umbraco.Cms (CVE-2026-46616)
vulnerability in Umbraco.Cms (CVE-2026-46616). Risk of unauthorized operations or information disclosure. Exploitable via ``UmbLoginStatusController``. Mitigation: upgrade to `17.4.0` or later.
CVE-2026-2813 Open Redirect in esri (CVE-2026-2813)
vulnerability in esri (CVE-2026-2813). Risk of unauthorized operations or information disclosure.
CVE-2026-7504 Open Redirect in org.keycloak:keycloak-services (CVE-2026-7504)
vulnerability in org.keycloak:keycloak-services (CVE-2026-7504). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.2` or later.
CVE-2026-45037 Vulnerability in tabby (CVE-2026-45037)
vulnerability in tabby (CVE-2026-45037). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.232` or later.
CVE-2026-42207 Open Redirect in openmage/magento-lts (CVE-2026-42207)
vulnerability in openmage/magento-lts (CVE-2026-42207). Risk of unauthorized operations or information disclosure. Exploitable via `GET /productalert/add/stock/`. Mitigation: upgrade to `20.18.0` or later.
CVE-2025-65954 Open Redirect in simplesamlphp/simplesamlphp-module-casserver (CVE-2025-65954)
vulnerability in simplesamlphp/simplesamlphp-module-casserver (CVE-2025-65954). Risk of unauthorized operations or information disclosure. Exploitable via ``url``. Mitigation: upgrade to `6.3.1` or later.
CVE-2026-44520 Open Redirect in docling-graph (CVE-2026-44520)
vulnerability in docling-graph (CVE-2026-44520). Confidential information can be exposed externally. Exploitable via ``URLInputHandler``. Mitigation: upgrade to `1.5.1` or later.
CVE-2026-45448 CWE-601 URL redirection to untrusted site ('open redirect')
CWE-601 URL redirection to untrusted site ('open redirect')
CVE-2026-44503 Open Redirect in com.microsoft.kiota:microsoft-kiota-abstractions (CVE-2026-44503)
vulnerability in com.microsoft.kiota:microsoft-kiota-abstractions (CVE-2026-44503). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-44437 Path Traversal in @angular/ssr (CVE-2026-44437)
path traversal in @angular/ssr (CVE-2026-44437). Risk of unauthorized operations or information disclosure. Exploitable via ``redirectTo``. Mitigation: upgrade to `19.2.25` or later.
CVE-2026-45055 Vulnerability in CVE-2026-45055 (CVE-2026-45055)
vulnerability in CVE-2026-45055 (CVE-2026-45055). Confidential information can be exposed externally. Exploitable via `POST /index.php`. Mitigation: upgrade to `6.7.2` or later.
CVE-2026-44372 Open Redirect in nitro (CVE-2026-44372)
vulnerability in nitro (CVE-2026-44372). Risk of unauthorized operations or information disclosure. Exploitable via `GET /legacy//evil.com`. Mitigation: upgrade to `3.0.260429-beta` or later.
CVE-2026-44681 Open Redirect in authlib (CVE-2026-44681)
vulnerability in authlib (CVE-2026-44681). Risk of unauthorized operations or information disclosure. Exploitable via `GET /oauth/authorize`. Mitigation: upgrade to `3be08468` or later.
CVE-2026-41513 Open Redirect in CVE-2026-41513 (CVE-2026-41513)
vulnerability in CVE-2026-41513 (CVE-2026-41513). Risk of unauthorized operations or information disclosure.
CVE-2026-42565 Open Redirect in @workos/authkit-session (CVE-2026-42565)
vulnerability in @workos/authkit-session (CVE-2026-42565). Risk of unauthorized operations or information disclosure. Exploitable via ``AuthService.handleCallback``. Mitigation: upgrade to `0.5.1` or later.
CVE-2026-44833 Open Redirect in snipe/snipe-it (CVE-2026-44833)
vulnerability in snipe/snipe-it (CVE-2026-44833). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `8.4.1` or later.
CVE-2026-42350 Open Redirect in CVE-2026-42350 (CVE-2026-42350)
vulnerability in CVE-2026-42350 (CVE-2026-42350). Risk of unauthorized operations or information disclosure.
CVE-2026-42195 Information Disclosure in CVE-2026-42195 (CVE-2026-42195)
vulnerability in CVE-2026-42195 (CVE-2026-42195). Risk of unauthorized operations or information disclosure.
CVE-2026-44427 Open Redirect in github.com/modelcontextprotocol/registry (CVE-2026-44427)
vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44427). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.5` or later.
CVE-2026-40295 Open Redirect in devise (CVE-2026-40295)
vulnerability in devise (CVE-2026-40295). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `5.0.4` or later.
CVE-2026-3318 Open Redirect in CVE-2026-3318 (CVE-2026-3318)
vulnerability in CVE-2026-3318 (CVE-2026-3318). Risk of unauthorized operations or information disclosure.
CVE-2026-43941 Vulnerability in electerm (CVE-2026-43941)
vulnerability in electerm (CVE-2026-43941). Successful exploitation can lead to full system takeover. Exploitable via ``shell.openExternal``.
CVE-2026-42259 Open Redirect in @saltcorn/server (CVE-2026-42259)
vulnerability in @saltcorn/server (CVE-2026-42259). Risk of unauthorized operations or information disclosure. Exploitable via ``dest``. Mitigation: upgrade to `1.6.0-beta.5` or later.
CVE-2026-35253 Open Redirect in oracle (CVE-2026-35253)
vulnerability in oracle (CVE-2026-35253). Risk of unauthorized operations or information disclosure.
CVE-2025-61669 Open Redirect in jupyter-server (CVE-2025-61669)
vulnerability in jupyter-server (CVE-2025-61669). Risk of unauthorized operations or information disclosure. Exploitable via ``google.com``. Mitigation: upgrade to `2.18.0` or later.
CVE-2026-34257 Open Redirect in sap (CVE-2026-34257)
vulnerability in sap (CVE-2026-34257). Risk of unauthorized operations or information disclosure.
CVE-2026-35404 Open Redirect in openedx (CVE-2026-35404)
vulnerability in openedx (CVE-2026-35404). Risk of unauthorized operations or information disclosure.
CVE-2026-3872 Open Redirect in redhat (CVE-2026-3872)
vulnerability in redhat (CVE-2026-3872). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →