24 matches found
PT-2026-42271
Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...
PT-2026-41941
Name of the Vulnerable Software and Affected Versions scalar/astro version 0.1.13 Description A Server-Side Request Forgery SSRF exists in the Scalar Proxy endpoint. Unauthenticated attackers can use the scalar url query parameter to force the backend server to send HTTP requests to URLs under...
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
EUVD-2026-23400
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...
VertiGIS FM 安全漏洞
VertiGIS FM is a facility and asset management platform from VertiGIS Corporation. There is a security vulnerability in VertiGIS FM, which stems from a reflection-type cross-site scripting vulnerability in the dashboard search function. This vulnerability could allow attackers to create malicious...
Speedbit Download Accelerator Plus 缓冲区错误漏洞
Speedbit Download Accelerator Plus is a download management software developed by Speedbit Corporation. Version 10.0.6.0 of Speedbit Download Accelerator Plus contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the structured exception handler, which could...
EUVD-2026-11657
A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final...
MalURLBench: A Benchmark Evaluating Agents' Vulnerabilities When Processing Web URLs
LLM-based web agents have become increasingly popular for their utility in daily life and work. However, they exhibit critical vulnerabilities when processing malicious URLs: accepting a disguised malicious URL enables subsequent access to unsafe webpages, which can cause severe damage to service...
RLSA-2025:12519 Moderate: python-requests security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
python-requests security update
An update is available for python-requests. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...
requests: Requests vulnerable to .netrc credentials leak via malicious URLs
A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue...
RLSA-2025:13234 Moderate: python-requests security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: resource-agents security update
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Security Fixes: requests: Requests vulnerable to .netrc credentials leak via malicious...
requests: Requests vulnerable to .netrc credentials leak via malicious URLs
A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue...
Oracle Linux 10 : python-requests (ELSA-2025-13604)
The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-13604 advisory. 2.32.4-1 - Update to 2.32.4 - Security fix for CVE-2024-47081: .netrc credentials leak via malicious URLs Resolves: RHEL-105460 Tenable has extracted the...
Node.js 路径遍历漏洞
Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A path traversal vulnerability exists in Node.js that stems from the possibility that the system may not properly handle device names in the event that an attacker sends a malicious URL, resulti...
CVE-2025-5020
Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS 139...
keycloak: path transversal in redirection validation
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects a...
The vulnerability of the XWiki platform for creating collaborative web applications lies in its lack of protection for website structures. This allows attackers to replace the displayed URLs with malicious ones.
The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to replace the displayed URL...
The vulnerability of the Live Share extension of the Microsoft Visual Studio software allows a hacker to redirect users to a malicious URL.
The vulnerability of the Live Share extension of the Microsoft Visual Studio development tool is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to redirect users to a malicious URL by convincing them to connect to a specially created Live Share...