Lucene search
K

52 matches found

OSV
OSV
added 2025/10/03 8:0 p.m.4 views

CVE-2025-54374 Eidos: One-click Remote Code Execution through Custom URL Handling

Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, including a malicious one they control. When a...

8.8CVSS7.9AI score0.00551EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/09/05 5:25 a.m.4 views

CVE-2025-41408

Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access an arbitrary website on the vulnerable App. As a result, the user may become a victim of a phishing attac...

5.3CVSS6.5AI score0.00253EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.4 views

LY Yahoo! Shopping App 安全漏洞

LY Yahoo! Shopping App is a shopping mobile application from LY Japan. A security vulnerability exists in LY Yahoo! Shopping App versions prior to 14.15.0, which stems from improper handling of the custom URL scheme and could lead to users becoming victims of phishing attacks...

5.3CVSS4.7AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2025/09/03 3:52 a.m.5 views

CVE-2025-58176 Dive's improper processing of custom urls can lead to Remote Code Execution

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...

8.8CVSS8AI score0.07702EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/08/19 6:26 p.m.13 views

CVE-2025-55733 DeepChat One-click Remote Code Execution through Custom URL Handling

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...

9.6CVSS0.00634EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:16 a.m.4 views

CVE-2024-54125

Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...

3.3CVSS6.9AI score0.00165EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2025/02/20 8:0 a.m.5 views

Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme

...

8.8CVSS8.8AI score0.0256EPSS
Exploits0
OSV
OSV
added 2024/10/28 9:15 p.m.4 views

CVE-2024-44155

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy...

6.5CVSS5.8AI score0.00517EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/09/16 12:0 a.m.6 views

PT-2024-30990 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18 iOS versions prior to 17.7.1 iPadOS versions prior to 17.7.1 macOS versions prior to Sequoia 15 watchOS versions prior to 11 Description: A custom URL scheme handling issue was addressed with improved input...

6.5CVSS6AI score0.00517EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/09/08 12:0 a.m.4 views

PT-2024-31481 · Unknown · @Cosme App For Ios +1

Name of the Vulnerable Software and Affected Versions: @cosme App for Android versions prior to 5.69.0 @cosme App for iOS versions prior to 6.74.0 Description: The issue is related to improper authorization in the handler for the custom URL scheme, which allows an attacker to lead a user to acces...

4.3CVSS6.9AI score0.00277EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.10 views

PT-2024-29633 · Rakuten · Rakuten Ichiba App For Android +1

Name of the Vulnerable Software and Affected Versions: Rakuten Ichiba App for Android versions 12.4.0 and earlier Rakuten Ichiba App for iOS versions 11.7.0 and earlier Description: The issue concerns improper authorization in the handler for the custom URL scheme, allowing an arbitrary site to b...

6.1CVSS6.8AI score0.003EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/06/19 12:0 a.m.4 views

PT-2024-26422 · Unknown · Zozotown App For Android

Name of the Vulnerable Software and Affected Versions: ZOZOTOWN App for Android versions prior to 7.39.6 Description: The issue is related to improper authorization in the handler for a custom URL scheme, which allows an attacker to lead a user to access an arbitrary website via another applicati...

4.3CVSS7.1AI score0.00289EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/22 12:0 a.m.4 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox IOS prior to version 122, which originates when opening an external URL using a custom Firefox scheme and a timeout contention condition, and can be exploited by an attack...

8.1CVSS6.5AI score0.00387EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.7 views

PT-2024-21331 · Mozilla · Firefox

Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 123 Description: An attacker could execute unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. Recommendations: For Firefox for iOS...

7.8CVSS6.7AI score0.00278EPSS
Exploits0References4
OSV
OSV
added 2024/01/26 7:15 a.m.1 views

CVE-2024-23388

Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...

6.1CVSS5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.9 views

PT-2024-19863 · Mercari · Mercari App For Android

Name of the Vulnerable Software and Affected Versions: Mercari App for Android versions prior to 5.78.0 Description: The issue is related to improper authorization in the handler for a custom URL scheme, allowing a remote attacker to lead a user to access an arbitrary website via the vulnerable...

6.1CVSS6.2AI score0.00385EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/10/06 5:57 a.m.3 views

e-Gov Client Application fails to restrict custom URL schemes properly

Overview e-Gov Client Application is installed, a Custom URL Scheme is configured on the system to enable invoking the product through a web browser. This custom URL contains the information about the website which the product should access, and a crafted URL may direct the application to access ...

4.3CVSS6.5AI score0.00355EPSS
Exploits0References5
OSV
OSV
added 2023/08/16 9:15 a.m.4 views

CVE-2023-39507

Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website...

6.1CVSS5.9AI score0.00323EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/22 6:7 a.m.2 views

Android Apps developed using Yappli fails to restrict custom URL schemes properly

Overview Yappli provided by Yappli, Inc. is an application development platform. Android Apps that are developed with Yappli provide the function to access a requested URL using Custom URL Scheme. The access to the function is not restricted properly CWE-939 which may be exploited to direct the A...

8.1CVSS6.4AI score0.00842EPSS
Exploits0References5
OSV
OSV
added 2021/11/24 4:15 p.m.5 views

CVE-2021-20835

Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari Merpay - Marketplace and Mobile Payments App' Japan version versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity ...

7.5CVSS7.2AI score0.01329EPSS
Exploits0References1
Rows per page
Query Builder