Search Vulnerabilities

BigBlueButton has Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL"

LinkAce: Password Reset Poisoning via X-Forwarded-Host Header Injection Leading to Account Takeover

next-intl has an open redirect vulnerability

@adonisjs/http-server has an Open Redirect vulnerability

Cisco Unity Connection Open Redirect Vulnerability

immich: Open Redirect via Shared Album name

An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7

Open Redirect vulnerability in SAP NetWeaver Application Server ABAP

User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter

ChurchCRM has an Open Redirect via the ‘linkBack’ URL Parameter in DonatedItemEditor.php

Chamilo LMS has an Open Redirect via Unvalidated 'page' Parameter in Session Course Edit

Chamilo LMS has validation-less redirect on login page

An open redirect vulnerability in Rocket

Apache Tomcat: Occasionally open redirect

LORIS has an open redirect field on login

OpenClaw < 2026.3.31 - Unsafe Request Body Replay via fetchWithSsrFGuard Cross-Origin Redirects

WordPress Hide My WP Ghost plugin < 7.0.00 - Open Redirection vulnerability

ChurchCRM has an Open Redirect via the ‘linkBack’ URL Parameter in DonatedItemEditor.php

Directus is an Open Redirect in Admin 2FA Setup Page

Directus has an Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow