Lucene search
+L

103 matches found

Positive Technologies
Positive Technologies
added 2024/03/05 12:0 a.m.6 views

PT-2024-4663 · Mcafee · Mcafee Security: Antivirus Vpn For Android

Name of the Vulnerable Software and Affected Versions: McAfee Security: Antivirus VPN for Android versions prior to 8.3.0 Description: The issue is related to improper deep link validation, which could allow an attacker to launch an arbitrary URL within the app. This could potentially lead to...

9.4CVSS7.3AI score0.00472EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/01/04 2:48 p.m.16 views

CVE-2024-21625 One-click remote code execution via malicious deep link

SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...

8.8CVSS7.8AI score0.00845EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/04 2:48 p.m.30 views

CVE-2024-21625 One-click remote code execution via malicious deep link

SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...

8.8CVSS9.2AI score0.00845EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/04 12:0 a.m.8 views

SideQuest Input Validation Error Vulnerability

SideQuest is an open source game store application from SideQuest. An input validation error vulnerability exists in versions of SideQuest prior to 0.10.35, which stems from a vulnerability that allows an attacker to remotely execute code with one click via a malicious deep link...

8.8CVSS7.1AI score0.00845EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/29 12:0 a.m.6 views

Mattermost Path Traversal Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost 2.10.0 and earlier versions, which stems from an inability to clean up deep link paths, allowing an attacker to perform a cross-site request forgery CSRF...

8.8CVSS6.7AI score0.00461EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/05/27 7:45 a.m.102 views

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

A critical security vulnerability has been disclosed in the Open Authorization OAuth implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs...

9.6CVSS8.3AI score0.2299EPSS
Exploits0
NVD
NVD
added 2023/01/09 2:15 p.m.45 views

CVE-2023-22472

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...

8.8CVSS6.2AI score0.00204EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2023/01/09 1:54 p.m.54 views

CVE-2023-22472

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...

8.8CVSS7AI score0.00204EPSS
Exploits0
Nextcloud
Nextcloud
added 2023/01/09 5:49 a.m.87 views

CSRF vulnerability in Nextcloud Desktop Client on Windows when clicking malicious link

None...

8.8CVSS8.1AI score0.00204EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/09 12:0 a.m.5 views

PT-2023-18524 · Nextcloud · Nextcloud Desktop Client

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.2 Description: The issue affects Deck, a kanban style organization tool integrated with Nextcloud, allowing an attacker to make a user send any POST request with an arbitrary body if they click o...

8.8CVSS8.6AI score0.00204EPSS
Exploits0References7
NVD
NVD
added 2023/01/06 4:15 a.m.23 views

CVE-2022-42979

Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link...

8.8CVSS8AI score0.24328EPSS
Exploits0References1
OSV
OSV
added 2023/01/06 4:15 a.m.4 views

CVE-2022-42979

Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link...

8.8CVSS5.8AI score0.24328EPSS
Exploits0References1
Prion
Prion
added 2023/01/06 4:15 a.m.19 views

Information disclosure

Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link...

6.8CVSS7.8AI score0.24328EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/01/06 12:0 a.m.54 views

CVE-2022-42979

Affected software: Ryde application, version 5.8.43, on Android and iOS. The root cause is insecure hostname validation, leading to information disclosure that can allow account takeover via a deep link. Public sources (NVD/Red Hat) confirm the issue and impact as high (C/H/I/A). The provided doc...

8.8CVSS7.9AI score0.24328EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/06 12:0 a.m.6 views

PT-2023-14166 · Ryde · Ryde

Name of the Vulnerable Software and Affected Versions: RYDE application version 5.8.43 Description: The issue is related to information disclosure due to insecure hostname validation, allowing attackers to take over an account via a deep link. This can be exploited in the RYDE application for bot...

8.8CVSS8AI score0.24328EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/01/06 12:0 a.m.30 views

CVE-2022-42979

Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link...

8.2AI score0.24328EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/06 12:0 a.m.8 views

Ryde Technologies RYDE 信任管理问题漏洞

Ryde Technologies RYDE is a travel software from Ryde Technologies, USA. A security vulnerability exists in Ryde Technologies RYDE version 5.8.43 and earlier, which stems from an information disclosure due to insecure hostname authentication on Android and iOS, and can be exploited by an attacker...

8.8CVSS7.9AI score0.24328EPSS
Exploits0References2
OSV
OSV
added 2022/12/26 2:15 a.m.5 views

CVE-2022-31469

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /!!&app=%2e./ URI...

6.1CVSS5.8AI score0.00538EPSS
Exploits2References2
NVD
NVD
added 2022/12/26 2:15 a.m.20 views

CVE-2022-31469

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /!!&app=%2e./ URI...

6.1CVSS0.00538EPSS
Exploits2References2
Prion
Prion
added 2022/12/26 2:15 a.m.22 views

Cross site scripting

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /!!&app=%2e./ URI...

5.8CVSS5.9AI score0.00538EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder