Lucene search
K

322 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-26214

Malicious code in bioql PyPI...

5.4CVSS6.8AI score0.04116EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.21 views

EUVD-2022-29678

Malicious code in bioql PyPI...

4CVSS4.8AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-46547

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01793EPSS
Exploits0References1
NVD
NVD
added 2025/10/02 9:16 p.m.5 views

CVE-2025-54088

CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must actively participate i...

6.1CVSS0.00172EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/02 8:10 p.m.3 views

CVE-2025-54088 Open Redirect in Secure Access prior to 14.10

CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must actively participate i...

5.5CVSS6.3AI score0.00172EPSS
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2025/09/02 12:0 a.m.19 views

Meta Platforms WhatsApp Incorrect Authorization Vulnerability

Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device...

5.4CVSS7.1AI score0.04116EPSS
In wildExploits1
RedhatCVE
RedhatCVE
added 2025/08/31 4:27 p.m.3 views

CVE-2025-55177

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We...

8.8CVSS6.6AI score0.19972EPSS
Exploits9References1
The Hacker News
The Hacker News
added 2025/08/30 4:36 a.m.8 views

WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 CVSS score: 5.4, relates to a case of...

8.8CVSS7.1AI score0.19972EPSS
Exploits9
OSV
OSV
added 2025/08/29 4:15 p.m.2 views

CVE-2025-55177

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We...

5.4CVSS5.8AI score0.04116EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/08/29 3:50 p.m.4 views

CVE-2025-55177

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We...

5.4CVSS6AI score0.04116EPSS
Exploits1References2
CVE
CVE
added 2025/08/20 4:23 a.m.18 views

CVE-2025-55706

Technical details are not publicly available in the provided connected documents. Monitor for updates.

5.1CVSS7.2AI score0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/19 1:12 p.m.13 views

CVE-2025-4044 XML External Entity Injection vulnerability in various Lexmark Universal Drivers

Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL...

8.2CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 2025/07/29 12:0 a.m.65 views

CVE-2025-50738

Summary: CVE-2025-50738 affects the Memos application (up to v0.24.3), where embedding markdown images with arbitrary URLs can trigger automatic image fetches when a memo is viewed, enabling potential information disclosure (IP address, User-Agent, and other request data) to an attacker-controlle...

9.8CVSS6.3AI score0.02095EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/16 11:1 p.m.10 views

CVE-2025-53821

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the nextPage parameter, leading to an...

6.1CVSS7.3AI score0.00223EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:55 a.m.8 views

CVE-2024-28745

Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displaye...

3.3CVSS6.9AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:54 a.m.8 views

CVE-2024-34405

Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app...

9.1CVSS7AI score0.00472EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:23 a.m.5 views

CVE-2024-26148

Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...

6.1CVSS6.4AI score0.0053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:21 a.m.5 views

CVE-2024-44081

In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format...

9.8CVSS7AI score0.00728EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:18 a.m.9 views

CVE-2024-44080

In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format...

7.5CVSS7AI score0.0052EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:1 a.m.6 views

CVE-2023-45201

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...

6.1CVSS6.8AI score0.00391EPSS
Exploits1
Rows per page
Query Builder