4189 matches found
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the resolvePath function when used with navigate, , or redirect. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. Note: This is only exploitabl...
GHSA-9JCX-V3WJ-WH4M React Router has unexpected external redirect via untrusted paths
An attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an issue if developers pass untrusted content into navigation paths in their application code...
React Router has unexpected external redirect via untrusted paths
An attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an issue if developers pass untrusted content into navigation paths in their application code...
Cross-site Scripting (XSS)
Overview: nicegui is a package described as "Create web-based user interfaces with Python. The nice way." Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ui.navigate.history.push or ui.navigate.history.replace functions. An attacker can execute arbitrary JavaScript in the victim's...
USN-7948-1: GPSd vulnerabilities
It was discovered that GPSd incorrectly handled processing NMEA2000 packets. An attacker could use this issue to cause GPSd to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-67268 It was discovered that GPSd incorrectly handled processing NAVCOM packets. An...
USN-7948-1 gpsd vulnerabilities
It was discovered that GPSd incorrectly handled processing NMEA2000 packets. An attacker could use this issue to cause GPSd to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-67268 It was discovered that GPSd incorrectly handled processing NAVCOM packets. An...
CVE-2026-21871 NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()
NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is an XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL...
PT-2026-2110
Name of the Vulnerable Software and Affected Versions: NiceGUI versions 2.13.0 through 3.4.1. Description: NiceGUI is a Python-based UI framework susceptible to a cross-site scripting (XSS) issue. The issue arises when developers provide attacker-controlled strings to the ui.navigate.history.push or...
MAL-2026-139 Malicious code in rt-global-nav (npm)
Source: amazon-inspector 02bd8de33c5be198041c736003639439fad9b5df269d489cc4ab29b59191cab7 The package rt-global-nav was found to contain malicious code. Source: ghsa-malware e72ac5f9f497c4ba74c3c745f0cbfce94d7acf109ca98ff38f916fd8afa59e0f...
CVE-2025-67269
A flaw was found in gpsd. A remote attacker can exploit this vulnerability by sending a specially crafted NAVCOM packet. When parsing the packet, an error in calculating the payload length can cause the system to attempt to process an extremely large amount of data. This leads to excessive CPU...
PT-2026-26522
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 146.0.7680.153. Description: A flaw exists in Google Chrome's Navigation feature due to inadequate validation of untrusted input. This could allow a remote attacker who has already compromised the renderer process...
Leica Geosystems GNSS security vulnerability
Leica Geosystems GNSS is a line of mapping equipment from Leica Germany. A security vulnerability exists in Leica Geosystems GNSS version 4.30.063, which stems from the presence of stored cross-site scripting in the configuration file upload function that could lead to the execution of arbitrary...
CVE-2025-14812
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...
CVE-2025-14812
CVE-2025-14812 affects ArcSearch for iOS (Browser Company) prior to version 1.45.2. Affected behavior: after iframe-triggered URI-scheme navigation, the address bar may display a different domain than the content being shown, enabling spoofing risk. Root cause (as described in connected sources):...
CVE-2025-14812 Address bar spoofing risk in Arc Search on iOS
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...
EUVD-2025-204563
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...
PT-2025-52489
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...