
CWE-601

URL Redirection to Untrusted Site (Open Redirect)

346 CVEs, average CVSS 5.4 (source: MITRE): 8 critical, 30 high, 266 medium, 38 low; 53 with public PoC, 0 in CISA KEV

Monthly

CVE-2026-45307 MEDIUM PATCH This Month

Open redirect in Speakr's post-login redirect handler allows unauthenticated remote attackers to silently redirect authenticated users to attacker-controlled hosts via scheme-relative URLs such as '////evil.com'. The flaw stems from a logic split between the validation function - which normalizes the redirect target using urljoin() before checking safety - and the controller, which passes the raw, un-normalized target to redirect(), emitting it verbatim in the HTTP Location header. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, but the low attack complexity and phishing utility make this a credible risk for self-hosted deployments.

Tags: Open Redirect. Sources: NVD, GitHub. CVSS 3.1: 6.1
CVE-2026-45335 MEDIUM PATCH This Month

Open redirect in WeGIA before version 3.7.3 enables authenticated attackers to weaponize the trusted WeGIA domain for phishing, credential harvesting, and malware distribution by manipulating the unvalidated `nextPage` parameter at the `/WeGIA/controle/control.php` endpoint. Affected deployments include any WeGIA instance running versions prior to 3.7.3 where the control endpoint is accessible to low-privileged authenticated users. No public exploit code and no CISA KEV listing have been identified at time of analysis, but the social engineering abuse potential against users who trust the institution's domain is the primary real-world risk.

Tags: PHP, Open Redirect. Sources: NVD, GitHub. CVSS 3.1: 5.4. EPSS: 0.0%
CVE-2026-49059 MEDIUM This Month

Open redirect in the Facebook for WooCommerce WordPress plugin (versions through 3.7.0) allows unauthenticated remote attackers to redirect victims to arbitrary external domains via crafted URLs. Classified under CWE-601, the vulnerability enables phishing campaigns that abuse the plugin's trusted WooCommerce domain as a delivery mechanism - victims clicking a link that appears to originate from a legitimate storefront are silently forwarded to attacker-controlled sites. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis; EPSS data was not available in the provided intelligence.

Tags: WordPress, Open Redirect. Sources: NVD. CVSS 3.1: 4.7. EPSS: 0.0%
CVE-2026-48924 MEDIUM This Month

Open redirect vulnerability in Jenkins Bitbucket OAuth Plugin 0.17 and earlier enables unauthenticated network attackers to craft login URLs that redirect authenticated victims to arbitrary, attacker-controlled destinations, facilitating phishing campaigns targeting Jenkins users. The plugin fails to validate or restrict the post-login redirect URL parameter, classified under CWE-601. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis; the CVSS 4.3 Medium rating reflects network reachability offset by a mandatory user interaction requirement.

Tags: Open Redirect, Jenkins. Sources: NVD. CVSS 3.1: 4.3. EPSS: 0.0%
CVE-2026-48589 Monitor

Apache Shiro's Jakarta EE module used the HTTP Referer header in certain cases to issue a redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module. This issue affects Apache Shiro from 2.0-alpha to 2.2.0, and 3.0.0-alpha-1, only when using the shiro-jakarta-ee integration module.

Tags: Apache, Open Redirect. Sources: NVD. EPSS: 0.0%
CVE-2026-44598 MEDIUM This Month

With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect') and Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using the shiro-jakarta-ee integration module. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue by encrypting the cookie. After successful login, the Jakarta EE integration module uses the shiroSavedRequest cookie to redirect to a particular web page. This cookie was not validated and can be forged to make the server itself send an HTTP GET request to an arbitrary URL taken from the cookie.

Tags: Apache, SSRF, Open Redirect. Sources: NVD. CVSS 4.0: 5.1. EPSS: 0.0%
CVE-2026-9245 Monitor

Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects:
* Devolutions Server 2026.1.6.0 through 2026.1.16.0
* Devolutions Server 2025.3.20.0 and earlier

Tags: Open Redirect, Server. Sources: NVD. CVSS 3.1: 5.0. EPSS: 0.1%
CVE-2025-26483 MEDIUM PATCH This Month

Open redirect vulnerability in Dell PowerFlex Manager 4.6.2 and prior enables unauthenticated remote attackers to craft malicious application URLs that silently redirect targeted users to arbitrary attacker-controlled web destinations. Exploitation requires user interaction (CVSS UI:R) - a victim must follow a specially crafted link - but no authentication or special privileges are needed on the attacker's side. The primary risk is phishing: because the initial URL appears to point at a legitimate Dell infrastructure management portal, users are more likely to trust and follow it, making credential theft or sensitive data disclosure against PowerFlex administrators a realistic outcome. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.

Tags: Open Redirect, Dell, PowerFlex Manager, PowerFlex Manager Appliance, PowerFlex Manager Rack. Sources: NVD. CVSS 3.1: 6.1. EPSS: 0.0%
CVE-2026-46616 NuGet MEDIUM PATCH GHSA This Month

Open redirect vulnerability in Umbraco CMS Surface Controllers allows unauthenticated remote attackers to redirect authenticated victims to arbitrary external URLs following form submissions. The affected controllers - UmbLoginStatusController, UmbProfileController, and UmbRegisterController - accepted user-controlled RedirectUrl query parameters without validating that the destination was a local URL, enabling phishing and credential harvesting attacks. No public exploit code has been identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS score of 5.4 reflects low-complexity network exploitation requiring only victim interaction.

Tags: Open Redirect. Sources: NVD, GitHub. CVSS 3.1: 5.4
CVE-2026-2813 MEDIUM This Month

Open redirect vulnerability in ArcGIS Server 11.5 allows an attacker to craft a malicious login-workflow URL that, upon user authentication, silently redirects the victim's browser to an attacker-controlled external site. The flaw lies in insufficient input validation of the redirect parameter within the login redirection workflow, with impact explicitly limited to client-side browser navigation - no server-side compromise or cross-component data exposure is possible. No active exploitation has been confirmed (not in CISA KEV), no public exploit code has been identified at time of analysis, and EPSS data was not present in the available intelligence feed.

Tags: Open Redirect. Sources: NVD, VulDB. CVSS 3.1: 4.7. EPSS: 0.0%