Lucene search
+L

923 matches found

NVD
NVD
added 2026/05/26 8:16 p.m.20 views

CVE-2025-68709

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

5.2CVSS0.00177EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.15 views

PT-2026-43381

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

6AI score0.00177EPSS
Exploits0References4
Amazon
Amazon
added 2026/05/26 12:0 a.m.15 views

Important: php8.5

Issue Overview: PHP: Failure to setup TLS with a remote server can result in a remote DoS CVE-2026-12184 uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. CVE-2026-42371 In uriparser before 1.0.2, there is pointer...

9.8CVSS7AI score0.0078EPSS
Exploits1
Cvelist
Cvelist
added 2026/05/26 12:0 a.m.38 views

CVE-2025-68709

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

0.00177EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

SailingLab AppLock 安全漏洞

SailingLab AppLock is a mobile application privacy protection tool developed by SailingLab. It supports features such as app locking, PIN verification, and fingerprint unlocking. Version 4.3.8 of SailingLab AppLock contains a security vulnerability. This vulnerability stems from the...

5.2CVSS5.9AI score0.00177EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in ruby-rails-html-sanitizer

Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions starting from 1.0.3 and before 1.4.4 are vulnerable to cross-site scripting through data URIs when used in conjunction with Loofah version 2.1.0 or higher. This issue has been fixed in version 1.4.4...

6.1CVSS5.9AI score0.00867EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in ruby-loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.1.0; versions less than 2.19.1 are vulnerable to cross-site scripting due to the image/svg+xml media type in data URIs. This issue has been fixed in version 2.19.1...

6.1CVSS6.2AI score0.00792EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Pypy

In Python 2.x through 2.7.16, urllib supports the localfile scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs. This is demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

9.1CVSS6.8AI score0.12261EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in lxml

Lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html allowed certain crafted script content to pass through, as well as script content in SVG files embedded using data URIs. Users who use the HTML Cleaner in a security-related...

8.2CVSS6.4AI score0.02456EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 12:31 p.m.22 views

Keycloak: Open redirect when using wildcard valid redirect URIs in Keycloak

A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further...

8.1CVSS5.7AI score0.005EPSS
Exploits0References11Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/19 11:1 a.m.12 views

CVE-2026-7504

A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further...

8.1CVSS5.7AI score0.005EPSS
Exploits0References3
OSV
OSV
added 2026/05/18 2:51 p.m.6 views

GHSA-5RV5-XJ5J-3484 Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping

Summary Faraday::Connectionbuildexclusiveurl still allows protocol-relative host override when the request target is provided as a URI object instead of a String. This bypasses the February 2026 fix for GHSA-33mh-2634-fwr2 and can redirect a request built from a fixed-base Faraday::Connection to ...

6AI score0.00272EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/15 4:40 p.m.13 views

EUVD-2026-30569

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

7.1CVSS6AI score0.00137EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.21 views

PT-2026-41322

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

7.1CVSS6AI score0.00137EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 8:16 a.m.9 views

UBUNTU-CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/08 7:15 a.m.13 views

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

5.3CVSS5.8AI score0.00211EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/08 7:15 a.m.9 views

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

2.9CVSS5.8AI score0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.24 views

PT-2026-38682

Name of the Vulnerable Software and Affected Versions uriparser versions prior to 1.0.2 Description The function family EqualsUri can misclassify two unequal URIs as equal. Recommendations Update to version 1.0.2 or later. As a temporary workaround, restrict the use of the EqualsUri function unti...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.7 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Mako vulnerability (USN-8234-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8234-1 advisory. It was discovered that Mako incorrectly handled URIs with double-slash prefixes in...

8.7CVSS5.9AI score0.00361EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Eclipse BaSyx Java Server SDK 代码问题漏洞

Eclipse BaSyx Java Server SDK is an industrial digitalization development toolkit from the Eclipse Foundation. Versions of Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10 contained code vulnerabilities. These vulnerabilities stemmed from the Operation Delegation feature not verifying th...

8.6CVSS6.3AI score0.00516EPSS
Exploits0References2
Rows per page
Query Builder