52 matches found
CVE-2025-54374 Eidos: One-click Remote Code Execution through Custom URL Handling
Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, including a malicious one they control. When a...
CVE-2025-41408
Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access an arbitrary website on the vulnerable App. As a result, the user may become a victim of a phishing attac...
LY Yahoo! Shopping App 安全漏洞
LY Yahoo! Shopping App is a shopping mobile application from LY Japan. A security vulnerability exists in LY Yahoo! Shopping App versions prior to 14.15.0, which stems from improper handling of the custom URL scheme and could lead to users becoming victims of phishing attacks...
CVE-2025-58176 Dive's improper processing of custom urls can lead to Remote Code Execution
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...
CVE-2025-55733 DeepChat One-click Remote Code Execution through Custom URL Handling
DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...
CVE-2024-54125
Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...
Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
...
CVE-2024-44155
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy...
PT-2024-30990 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18 iOS versions prior to 17.7.1 iPadOS versions prior to 17.7.1 macOS versions prior to Sequoia 15 watchOS versions prior to 11 Description: A custom URL scheme handling issue was addressed with improved input...
PT-2024-31481 · Unknown · @Cosme App For Ios +1
Name of the Vulnerable Software and Affected Versions: @cosme App for Android versions prior to 5.69.0 @cosme App for iOS versions prior to 6.74.0 Description: The issue is related to improper authorization in the handler for the custom URL scheme, which allows an attacker to lead a user to acces...
PT-2024-29633 · Rakuten · Rakuten Ichiba App For Android +1
Name of the Vulnerable Software and Affected Versions: Rakuten Ichiba App for Android versions 12.4.0 and earlier Rakuten Ichiba App for iOS versions 11.7.0 and earlier Description: The issue concerns improper authorization in the handler for the custom URL scheme, allowing an arbitrary site to b...
PT-2024-26422 · Unknown · Zozotown App For Android
Name of the Vulnerable Software and Affected Versions: ZOZOTOWN App for Android versions prior to 7.39.6 Description: The issue is related to improper authorization in the handler for a custom URL scheme, which allows an attacker to lead a user to access an arbitrary website via another applicati...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox IOS prior to version 122, which originates when opening an external URL using a custom Firefox scheme and a timeout contention condition, and can be exploited by an attack...
PT-2024-21331 · Mozilla · Firefox
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 123 Description: An attacker could execute unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. Recommendations: For Firefox for iOS...
CVE-2024-23388
Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...
PT-2024-19863 · Mercari · Mercari App For Android
Name of the Vulnerable Software and Affected Versions: Mercari App for Android versions prior to 5.78.0 Description: The issue is related to improper authorization in the handler for a custom URL scheme, allowing a remote attacker to lead a user to access an arbitrary website via the vulnerable...
e-Gov Client Application fails to restrict custom URL schemes properly
Overview e-Gov Client Application is installed, a Custom URL Scheme is configured on the system to enable invoking the product through a web browser. This custom URL contains the information about the website which the product should access, and a crafted URL may direct the application to access ...
CVE-2023-39507
Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website...
Android Apps developed using Yappli fails to restrict custom URL schemes properly
Overview Yappli provided by Yappli, Inc. is an application development platform. Android Apps that are developed with Yappli provide the function to access a requested URL using Custom URL Scheme. The access to the function is not restricted properly CWE-939 which may be exploited to direct the A...
CVE-2021-20835
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari Merpay - Marketplace and Mobile Payments App' Japan version versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity ...