Lucene search
K

24 matches found

Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.13 views

PT-2026-42271

Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...

4.6CVSS5.8AI score0.00132EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.10 views

PT-2026-41941

Name of the Vulnerable Software and Affected Versions scalar/astro version 0.1.13 Description A Server-Side Request Forgery SSRF exists in the Scalar Proxy endpoint. Unauthenticated attackers can use the scalar url query parameter to force the backend server to send HTTP requests to URLs under...

9.8CVSS5.8AI score0.00471EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/23 6:24 p.m.11 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/17 9:31 a.m.4 views

EUVD-2026-23400

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...

5.3CVSS5.8AI score0.00314EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.9 views

VertiGIS FM 安全漏洞

VertiGIS FM is a facility and asset management platform from VertiGIS Corporation. There is a security vulnerability in VertiGIS FM, which stems from a reflection-type cross-site scripting vulnerability in the dashboard search function. This vulnerability could allow attackers to create malicious...

8.6CVSS5.8AI score0.00184EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.6 views

Speedbit Download Accelerator Plus 缓冲区错误漏洞

Speedbit Download Accelerator Plus is a download management software developed by Speedbit Corporation. Version 10.0.6.0 of Speedbit Download Accelerator Plus contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the structured exception handler, which could...

9.8CVSS6.5AI score0.00802EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/12 9:34 p.m.4 views

EUVD-2026-11657

A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final...

4.9CVSS5.8AI score0.00156EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/01/27 12:0 a.m.6 views

MalURLBench: A Benchmark Evaluating Agents' Vulnerabilities When Processing Web URLs

LLM-based web agents have become increasingly popular for their utility in daily life and work. However, they exhibit critical vulnerabilities when processing malicious URLs: accepting a disguised malicious URL enables subsequent access to unsafe webpages, which can cause severe damage to service...

5.9AI score
Exploits0
OSV
OSV
added 2025/10/04 12:11 a.m.4 views

RLSA-2025:12519 Moderate: python-requests security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.3CVSS6.1AI score0.00846EPSS
Exploits1References2
Rockylinux
Rockylinux
added 2025/10/03 7:57 p.m.4 views

python-requests security update

An update is available for python-requests. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

5.3CVSS6.5AI score0.00846EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2025/09/10 12:27 p.m.2 views

requests: Requests vulnerable to .netrc credentials leak via malicious URLs

A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue...

5.3CVSS6.6AI score0.00846EPSS
Exploits1References14
OSV
OSV
added 2025/09/08 2:19 p.m.6 views

RLSA-2025:13234 Moderate: python-requests security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.3CVSS6.9AI score0.00846EPSS
Exploits1References2
AlmaLinux
AlmaLinux
added 2025/09/02 12:0 a.m.5 views

Moderate: resource-agents security update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Security Fixes: requests: Requests vulnerable to .netrc credentials leak via malicious...

5.3CVSS6.9AI score0.00846EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2025/08/27 3:17 p.m.2 views

requests: Requests vulnerable to .netrc credentials leak via malicious URLs

A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue...

5.3CVSS6.6AI score0.00846EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.5 views

Oracle Linux 10 : python-requests (ELSA-2025-13604)

The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-13604 advisory. 2.32.4-1 - Update to 2.32.4 - Security fix for CVE-2024-47081: .netrc credentials leak via malicious URLs Resolves: RHEL-105460 Tenable has extracted the...

5.3CVSS7AI score0.00846EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.6 views

Node.js 路径遍历漏洞

Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A path traversal vulnerability exists in Node.js that stems from the possibility that the system may not properly handle device names in the event that an attacker sends a malicious URL, resulti...

7.5CVSS7.5AI score0.09752EPSS
Exploits5References7
AlpineLinux
AlpineLinux
added 2025/05/21 6:15 p.m.2 views

CVE-2025-5020

Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS 139...

4.3CVSS6.6AI score0.00198EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/04/16 8:4 p.m.4 views

keycloak: path transversal in redirection validation

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects a...

8.1CVSS5.7AI score0.01552EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/09/04 12:0 a.m.6 views

The vulnerability of the XWiki platform for creating collaborative web applications lies in its lack of protection for website structures. This allows attackers to replace the displayed URLs with malicious ones.

The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to replace the displayed URL...

6.4CVSS6.3AI score0.02377EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/12/17 12:0 a.m.3 views

The vulnerability of the Live Share extension of the Microsoft Visual Studio software allows a hacker to redirect users to a malicious URL.

The vulnerability of the Live Share extension of the Microsoft Visual Studio development tool is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to redirect users to a malicious URL by convincing them to connect to a specially created Live Share...

4.7CVSS6.3AI score0.01482EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder