Weaknesses of type CWE-601

993 results
CVE-2023-28370 (MEDIUM, EPSS 1.1%): Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrar
CVE-2021-22963 (EPSS 1.1%): A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a
CVE-2019-15073 (EPSS 1.1%): Openfind MAIL2000 Webmail Pre-Auth Open Redirect
CVE-2020-5233 (MEDIUM, EPSS 1.1%): Open Redirect in OAuth2 Proxy
CVE-2022-29170 (MEDIUM, EPSS 1.1%): Grafana Enterprise datasource network restrictions bypass via HTTP redirects
CVE-2024-57241 (MEDIUM, EPSS 1.1%): Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request result
CVE-2023-6927 (MEDIUM, EPSS 1.1%): Keycloak: open redirect via "form_post.jwt" jarm response mode
CVE-2021-21338 (MEDIUM, EPSS 1.1%): Open Redirection in Login Handling
CVE-2018-14658 (MEDIUM, EPSS 1.1%): A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.
CVE-2022-23078 (EPSS 1.1%): Habitica - Open redirect in login page
CVE-2019-14882 (LOW, EPSS 1.1%): A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit p
CVE-2020-29498 (MEDIUM, EPSS 1.1%): Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially
CVE-2019-1954 (MEDIUM, EPSS 1.1%): Cisco Webex Meetings Server Open Redirection Vulnerability
CVE-2024-21641 (MEDIUM, EPSS 1.1%): Flarum's Logout Route allows open redirects
CVE-2024-24763 (MEDIUM, EPSS 1.1%): JumpServer Open Redirect Vulnerability
CVE-2025-25198 (HIGH, EPSS 1.1%): mailcow: dockerized vulnerable to password reset poisoning
CVE-2022-47500 (MEDIUM, EPSS 1.1%): Apache Helix: Open redirect
CVE-2021-32806 (MEDIUM, EPSS 1.0%): URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
CVE-2023-27292 (MEDIUM, EPSS 1.0%): An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.
CVE-2021-41180 (MEDIUM, EPSS 1.0%): Geolocation preview links can be set to arbitrary links in nextcloud talk