Open Redirect in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 allows unauthenticated remote attackers to redirect authenticated administrators to arbitrary external URLs via a malicious redirect parameter on the session course edit page, while simultaneously leaking the id_session parameter to attacker-controlled servers. The vulnerability requires user interaction (UI:R) but affects confidentiality through session parameter disclosure and crosses trust boundaries (S:C), resulting in CVSS 4.7 with low real-world risk due to authentication and user-interaction requirements.
Open redirect vulnerability in Chamilo LMS login endpoint allows unauthenticated remote attackers to redirect users to arbitrary external websites via the redirect parameter, affecting versions 1.11.0 through 2.0-beta.1. The vulnerability was patched in 2.0-beta.2 and subsequent releases. No public exploit code or active exploitation has been confirmed, but the attack requires no authentication or special complexity and could be weaponized for phishing campaigns.
An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint.
Open redirect vulnerability in Apache Tomcat's LoadBalancerDrainingValve allows unauthenticated remote attackers to redirect users to untrusted sites via crafted URLs. Affects Tomcat 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. The vulnerability requires user interaction (clicking a malicious link) and has low real-world exploitation probability (EPSS 0.01%), with no public exploit code or confirmed active exploitation identified at the time of analysis.
Open redirect vulnerability in LORIS (Longitudinal Online Research and Imaging System) versions prior to 27.0.3 and 28.0.1 allows unauthenticated remote attackers to redirect authenticated users to arbitrary external websites via a malicious redirect parameter during login. The vulnerability requires user interaction (clicking a crafted link) but poses a meaningful phishing risk in neuroimaging research environments where LORIS deployments are common. No public exploit code or active exploitation has been confirmed at the time of analysis.
Cross-origin request body replay in OpenClaw's fetchWithSsrFGuard function before version 2026.3.31 enables attackers to exfiltrate sensitive request data and headers to unintended origins through redirect manipulation. The vulnerability requires user interaction and allows high confidentiality impact through unsafe request body transmission across origin boundaries. Affects unauthenticated contexts. No public exploit identified at time of analysis, with low observed exploitation activity (EPSS <1%).
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows phishing. This issue affects Hide My WP Ghost: from n/a through < 7.0.00.
Open redirect vulnerability in ChurchCRM prior to version 7.0.0 allows authenticated users to be redirected to arbitrary URLs via crafted links containing unvalidated redirect parameters, particularly through the 'linkBack' parameter used across multiple application pages including DonatedItemEditor.php. An attacker can create a malicious link that redirects authenticated users to external sites when they interact with UI elements, enabling phishing attacks and credential theft. The vulnerability requires an authenticated user and user interaction (clicking a button), reducing immediate risk but posing moderate concern in social engineering scenarios.
Open redirect vulnerability in HPE Aruba Networking Private 5G Core On-Prem GUI enables credential harvesting attacks against authenticated users. Remote attackers can craft malicious URLs that redirect victims from the legitimate login flow to attacker-controlled phishing pages designed to capture credentials. With CVSS 8.8 (High) severity and network-reachable attack surface requiring no authentication, this represents significant phishing risk for organizations deploying private 5G infrastructure. No public exploit identified at time of analysis, though exploitation requires minimal technical complexity.
Open edX Platform versions prior to commit 76462f1e5fa9b37d2621ad7ad19514b403908970 suffer from an open redirect vulnerability in the view_survey endpoint that accepts unvalidated redirect_url parameters, enabling attackers to redirect authenticated users to arbitrary attacker-controlled URLs for phishing and credential theft. The vulnerability requires user interaction (clicking a malicious link) to trigger the redirect but affects all versions of the platform until the specific commit is applied; no public exploit code has been identified at the time of analysis.