EUVD-2025-26966

Malicious code in bioql PyPI...

CVE-2025-41408

Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access an arbitrary website on the vulnerable App. As a result, the user may become a victim of a phishing attac...

CVE-2025-41408

Summary: The vulnerability CVE-2025-41408 affects the LY/Yahoo! Shopping App for Android (pre-14.15.0). The issue is improper authorization in the handler for the app’s custom URL scheme (CWE-939), allowing a remote, unauthenticated attacker to redirect a user to an arbitrary website, enabling ph...

JVN#35290164: "Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly

"Yahoo! Shopping" App for Android provided by LY Corporation contains the following vulnerability. Improper authorization in handler for custom URL scheme CWE-939 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score...

nodejs:14 bug fix and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs 14.15.0. BZ1891809...