17 matches found
CVE-2026-8993
The D.Launcher 2 component of the Slovak eID client ecosystem contains an Improper URL Handler Processing vulnerability. The application registers multiple custom URL handlers that could be exploited to initiate full NTLM authentication or an SMB connection to attacker infrastructure and to conduct SSRF Server Side...
CVE-2026-8993 Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacks
The D.Launcher 2 component of the Slovak eID client ecosystem contains an Improper URL Handler Processing vulnerability. The application registers multiple custom URL handlers that could be exploited to initiate full NTLM authentication or an SMB connection to attacker infrastructure and to conduct SSRF Server Side...
CVE-2025-3839
A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this...
CVE-2025-3839 Epiphany: insecure external protocol invocation in epiphany
A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this...
DEBIAN-CVE-2025-49091
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...
CVE-2025-49091
KDE Konsole (before version 25.04.2) is vulnerable to remote code execution via its URL-handling feature. If Konsole loads URLs from scheme handlers (e.g., ssh://, telnet://, rlogin://) and the corresponding binary is unavailable, it can fall back to invoking /bin/bash with the URL arguments, all...
SUSE CVE-2022-22739
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
idb - iOS App Security Assessment Tool
idb is a tool to simplify some common tasks for iOS app security assessments and research. Please see the Documentation for a more detailed summary of each function. Features Assessment Setup SSH port forwarding Installation of helper utilities App Information Bundle information Registered URL...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange OX AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handler...
CVE-2013-6997
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange OX AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handler...
Open-Xchange Security Advisory 2014-01-06
Open-Xchange Security Advisory 2014-01-06 Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 30203 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 7.4.0 and earlier Vulnerable component: backend Fixe...
Code injection
MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code...
CVE-2011-0158
Summary of CVE-2011-0158 (Apple iOS/MobileSafari): The issue affects MobileSafari on iOS prior to 4.3 where launching applications via URL handlers is not implemented correctly. This allows remote attackers to trigger a denial of service through crafted JavaScript, resulting in persistent applic...
CVE-2007-3896
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe...
WinSCP unfiltered shell characters security vulnerability
Shell characters problem on sftp:// and scp:// URL handlers...
ADVISORY: Windows Shell Overflow
Windows Shell Overflow Release Date: March 8, 2002 Severity: Medium Systems Affected: Microsoft Windows 98 Microsoft Windows 98 Second Edition Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 Terminal Server Edition Microsoft Windows 2000 Description: There exists a buffer overflow vulnerability...