103 matches found
PT-2024-4663 · Mcafee · Mcafee Security: Antivirus Vpn For Android
Name of the Vulnerable Software and Affected Versions: McAfee Security: Antivirus VPN for Android versions prior to 8.3.0 Description: The issue is related to improper deep link validation, which could allow an attacker to launch an arbitrary URL within the app. This could potentially lead to...
CVE-2024-21625 One-click remote code execution via malicious deep link
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...
CVE-2024-21625 One-click remote code execution via malicious deep link
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...
SideQuest Input Validation Error Vulnerability
SideQuest is an open source game store application from SideQuest. An input validation error vulnerability exists in versions of SideQuest prior to 0.10.35, which stems from a vulnerability that allows an attacker to remotely execute code with one click via a malicious deep link...
Mattermost Path Traversal Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost 2.10.0 and earlier versions, which stems from an inability to clean up deep link paths, allowing an attacker to perform a cross-site request forgery CSRF...
Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking
A critical security vulnerability has been disclosed in the Open Authorization OAuth implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs...
CVE-2023-22472
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...
CVE-2023-22472
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...
CSRF vulnerability in Nextcloud Desktop Client on Windows when clicking malicious link
None...
PT-2023-18524 · Nextcloud · Nextcloud Desktop Client
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.2 Description: The issue affects Deck, a kanban style organization tool integrated with Nextcloud, allowing an attacker to make a user send any POST request with an arbitrary body if they click o...
CVE-2022-42979
Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link...
CVE-2022-42979
Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link...
Information disclosure
Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link...
CVE-2022-42979
Affected software: Ryde application, version 5.8.43, on Android and iOS. The root cause is insecure hostname validation, leading to information disclosure that can allow account takeover via a deep link. Public sources (NVD/Red Hat) confirm the issue and impact as high (C/H/I/A). The provided doc...
PT-2023-14166 · Ryde · Ryde
Name of the Vulnerable Software and Affected Versions: RYDE application version 5.8.43 Description: The issue is related to information disclosure due to insecure hostname validation, allowing attackers to take over an account via a deep link. This can be exploited in the RYDE application for bot...
CVE-2022-42979
Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link...
Ryde Technologies RYDE 信任管理问题漏洞
Ryde Technologies RYDE is a travel software from Ryde Technologies, USA. A security vulnerability exists in Ryde Technologies RYDE version 5.8.43 and earlier, which stems from an information disclosure due to insecure hostname authentication on Android and iOS, and can be exploited by an attacker...
CVE-2022-31469
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /!!&app=%2e./ URI...
CVE-2022-31469
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /!!&app=%2e./ URI...
Cross site scripting
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /!!&app=%2e./ URI...