157 matches found

Packet Storm
added 2025/06/24 12:0 a.m., 93 views

VLC Mobile Remote for Windows 1.3.9.3 Remote Arbitrary URL Launch

VLC Mobile Remote for Windows version 1.3.9.3 allows an unauthenticated attacker to remotely cause the target system to open any URL in the victim’s default web browser by sending a specially crafted request. This can lead to forced browsing to malicious sites, phishing attacks, or NTLM credentia...

AI score 7.5
Exploits 0

Github Security Blog
added 2025/06/16 7:37 p.m., 33 views

OpenNext for Cloudflare (opennextjs-cloudflare) has an SSRF vulnerability via /_next/image endpoint

A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /_next/image endpoint...

CVSS 9.1, AI score 7.6, EPSS 0.00501
Exploits 0, References 7, Affected Software 1

RedhatCVE
added 2025/05/22 7:35 p.m., 5 views

CVE-2021-29217

A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard versions: Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard...

CVSS 6.1, AI score 6.9, EPSS 0.00223
Exploits 0, References 1

RedhatCVE
added 2025/05/22 7:35 p.m., 7 views

CVE-2021-29137

A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability...

CVSS 6.1, AI score 7, EPSS 0.00381
Exploits 0, References 1

RedhatCVE
added 2025/02/05 6:50 a.m., 5 views

CVE-2024-50338

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...

CVSS 7.4, AI score 7.3, EPSS 0.00152
Exploits 0, References 1

OSV
added 2025/01/27 12:30 p.m., 3 views

GHSA-GVVW-RR8M-FJ76 uniapi version 1.0.7 contained an information harvesting script.

uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was...

AI score 7.2
Exploits 0, References 3

Github Security Blog
added 2025/01/27 12:30 p.m., 8 views

uniapi version 1.0.7 contained an information harvesting script.

uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was...

AI score 7.2
Exploits 0, References 4, Affected Software 1

OSV
added 2025/01/24 10:32 p.m., 3 views

PYSEC-2025-2 uniapi version 1.0.7 contained an information harvesting script.

uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was...

AI score 7.3
Exploits 0, References 2

Positive Technologies
added 2025/01/15 12:0 a.m., 3 views

PT-2025-4786 · Github · Github Desktop

Name of the Vulnerable Software and Affected Versions: GitHub Desktop versions prior to 3.4.12. Description: An attacker can access a user's credentials by convincing them to clone a repository directly or through a submodule using a maliciously crafted remote URL. GitHub Desktop relies on Git for...

CVSS 6.6, AI score 9.4, EPSS 0.02211
Exploits 0, References 12

Github Security Blog
added 2025/01/14 7:40 p.m., 29 views

Git Credential Manager carriage-return character in remote URL allows malicious repository to leak credentials

Description: The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the use of the NUL (\0) character and newlines to form part of the keys^1 or values. When Git reads from...

CVSS 7.4, AI score 6.7, EPSS 0.00152
Exploits 0, References 10, Affected Software 1

OSV
added 2025/01/14 7:40 p.m., 9 views

GHSA-86C2-4X57-WC8G Git Credential Manager carriage-return character in remote URL allows malicious repository to leak credentials

Description: The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the use of the NUL (\0) character and newlines to form part of the keys^1 or values. When Git reads from...

CVSS 7.4, AI score 6.2, EPSS 0.03365
Exploits 2, References 10

OSV
added 2025/01/14 6:11 p.m., 2 views

CVE-2024-50338 Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...

CVSS 7.4, AI score 9.1, EPSS 0.00152
Exploits 0, References 10

Veracode
added 2024/10/16 10:45 a.m., 6 views

Resources Downloaded Over Insecure Protocol

gradio is vulnerable to Resources Downloaded over Insecure Protocol. The vulnerability is due to the lack of integrity checking on the downloaded FRP client. An attacker can introduce malicious code by modifying the binary without detection if they gain access to the remote URL from which the FRP...

CVSS 7.5, AI score 7.1, EPSS 0.00222
Exploits 0, References 3, Affected Software 1

PyPA
added 2024/10/10 11:15 p.m., 4 views

PYSEC-2024-216

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is...

CVSS 7.5, AI score 6.9, EPSS 0.00222
Exploits 0, References 1, Affected Software 1

NVD
added 2024/10/10 11:15 p.m., 10 views

CVE-2024-47867

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is...

CVSS 7.5, EPSS 0.00222
Exploits 0, References 1

Vulnrichment
added 2024/10/10 10:19 p.m., 12 views

CVE-2024-47867 Lack of integrity check on the downloaded FRP client in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is...

CVSS 2.1, AI score 6.9, EPSS 0.00222
Exploits 0, References 1

CVE
added 2024/10/10 10:19 p.m., 63 views

CVE-2024-47867

CVE-2024-47867 describes lack of integrity verification for the FRP client downloaded by Gradio servers. If an attacker tampered with the remote URL, the binary could be replaced without detection, affecting users relying on Gradio server sharing that downloads the FRP client. The advisory ecosys...

CVSS 7.5, AI score 7.5, EPSS 0.00222
Exploits 0, References 1, Affected Software 1

OSV
added 2024/10/10 10:2 p.m., 5 views

GHSA-8C87-GVHJ-XM8M Gradio lacks integrity checking on the downloaded FRP client

Impact: This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the...

CVSS 7.5, AI score 7.4, EPSS 0.00222
Exploits 0, References 4

Tenable Nessus
added 2024/10/09 12:0 a.m., 15 views

CentOS 7 : thunderbird (RHSA-2022:9079)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9079 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER...

CVSS 9.8, AI score 8.3, EPSS 0.00431
Exploits 0, References 8

NVD
added 2024/10/08 5:15 a.m., 15 views

CVE-2024-21533

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...

CVSS 6.5, EPSS 0.00041
Exploits 0, References 3