102 matches found
CVE-2023-6542
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL...
CVE-2023-51219
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...
CVE-2023-24601
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree...
CVE-2023-22472
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...
Access Control Bypass
Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Access Control Bypass due to improper access control mechanisms. An attacker can access documents of other customers by guessing the deepLinkCode of a...
PT-2024-35: Automatic explicit deep link assignment in Android Jetpack Navigation Library
The vulnerability was identified in Android Jetpack Navigation Library in versions 2.8.1. The discovered vulnerability allows an attacker, using automatically assigned explicit deep links, to open arbitrary screens in the application and pass them arbitrary parameters Vulnerability status:...
CVE-2024-34405
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app...
CVE-2024-34406
Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link...
McAfee Security Antivirus VPN for Android Security Vulnerability
McAfee Security Antivirus VPN for Android is a network security software from McAfee, Inc. A security vulnerability exists in McAfee Security Antivirus VPN for Android prior to version 8.3.0, which stems from an improper exception handling that could allow an attacker to cause a denial of service...
CVE-2024-34406
Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link...
CVE-2024-34406
Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link...
CVE-2024-34405
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app...
McAfee Security Antivirus VPN for Android Security Vulnerability
McAfee Security Antivirus VPN for Android is a cybersecurity software from McAfee USA. A security vulnerability exists in McAfee Security Antivirus VPN for Android prior to version 8.3.0, which stems from improper deep link validation and allows an attacker to launch arbitrary URLs within the...
CVE-2024-34406
Summary: CVE-2024-34406 affects McAfee Security: Antivirus VPN for Android, specifically versions prior to 8.3.0. The issue is described as improper exception handling that could allow an attacker to cause a denial of service through the use of a malformed deep link. What’s affected: Android app ...
CVE-2024-34405
The CVE-2024-34405 entry concerns McAfee Security: Antivirus VPN for Android prior to version 8.3.0. The issue is described as improper deep link validation, which could allow an attacker to launch an arbitrary URL from within the app. The RedHat/CNNVD/CVE ecosystem sources corroborate the genera...
CVE-2023-51219
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...
PT-2024-14074 · Kakao · Kakaotalk
Name of the Vulnerable Software and Affected Versions: KakaoTalk version 10.4.3 Description: A deep link validation issue allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leak...
CVE-2023-51219
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...
CVE-2023-51219
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...
PT-2024-4663 · Mcafee · Mcafee Security: Antivirus Vpn For Android
Name of the Vulnerable Software and Affected Versions: McAfee Security: Antivirus VPN for Android versions prior to 8.3.0 Description: The issue is related to improper deep link validation, which could allow an attacker to launch an arbitrary URL within the app. This could potentially lead to...