Lucene search
K

228 matches found

Cvelist
Cvelist
added 2026/06/18 11:55 a.m.19 views

CVE-2026-11719

An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol...

8.6CVSS0.0015EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 11:55 a.m.10 views

EUVD-2026-37881

An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol...

8.6CVSS5.5AI score0.0015EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45037

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

7.1CVSS5.6AI score0.00137EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux - уязвимость в firefox, thunderbird

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.5CVSS8.7AI score0.01576EPSS
Exploits0References2
NVD
NVD
added 2026/05/15 5:16 p.m.30 views

CVE-2026-45037

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

7.1CVSS0.00137EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 4:40 p.m.13 views

EUVD-2026-30569

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

7.1CVSS6AI score0.00137EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 4:40 p.m.50 views

CVE-2026-45037 Tabby: Unsafe protocol handler execution via terminal linkifier allows arbitrary OS protocol invocation

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

7.1CVSS0.00137EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/08 6:46 p.m.13 views

Electerm users can run dangrous code through link or command line

Impact Arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Affected users: electerm installs that accept protocol URLs or CLI options affected versions listed in the original report. Exploit requires clicking a crafted electerm://... link or opening a crafted...

9.6CVSS6.2AI score0.00363EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/04/04 12:16 a.m.4 views

CVE-2026-34767

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

6.5CVSS0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.8 views

Electron 注入漏洞

Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to 38.8.6, 39.8.3,...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/03 11:43 p.m.3 views

CVE-2026-34767

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

5.9CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/03 11:43 p.m.1 views

CVE-2026-34767 Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

5.9CVSS5.8AI score0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/04/03 11:43 p.m.18 views

CVE-2026-34767

CVE-2026-34767 affects Electron before 38.8.6, 39.8.3, 40.8.3, and 41.0.3. It describes HTTP response header injection when apps register custom protocol handlers (protocol.handle / protocol.registerSchemesAsPrivileged) or modify headers via webRequest.onHeadersReceived if attacker-controlled inp...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/03 11:43 p.m.21 views

CVE-2026-34767 Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

5.9CVSS0.00211EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/03 2:41 a.m.2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in the...

7.5CVSS6AI score0.0024EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/03 2:37 a.m.6 views

Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Impact Apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/03 2:37 a.m.8 views

EUVD-2026-18933

Electron: HTTP Response Header Injection in custom protocol handlers and webRequest...

5.9CVSS5.9AI score0.00211EPSS
Exploits0References1
OSV
OSV
added 2026/04/03 2:37 a.m.4 views

GHSA-4P4R-M79C-WQ3V Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Impact Apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or...

5.9CVSS5.9AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-29997

Impact Apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or...

5.9CVSS5.9AI score0.00211EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/26 2:43 p.m.5 views

SUSE CVE-2026-23398

In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmptagvalidation icmptagvalidation unconditionally dereferences the result of rcudereferenceinetprotosproto without checking for NULL. The inetprotos array is sparse -- only about 15 of 256...

5.9CVSS5.8AI score0.00114EPSS
Exploits2References19
Rows per page
Query Builder