Docling Core: Unsafe remote filename resolution
Impact: In versions = 1.5.0, = 2.74.1. Workarounds: If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References: - Fix release: v2.74.1...
WWBN AVideo Code Issue Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the live re-stream log callback process accepting attacker-controlled URLs, which could lead to...
Use of Web Link to Untrusted Target with window.opener Access
Overview jupyterlab is a JupyterLab computational environment. Affected versions of this package are vulnerable to Use of Web Link to Untrusted Target with window.opener Access via the link rendering process in LaTeX typesetters for Markdown files and cells. An attacker can potentially manipulate...
IBM Sterling B2B Integrator and IBM Sterling File Gateway Security Vulnerability
IBM Sterling B2B Integrator and IBM Sterling File Gateway are both products of International Business Machines (IBM). IBM Sterling B2B Integrator is a suite of software that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B...
CVE-2018-25058
A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible ...
SUSE CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter)...
PT-2025-3366 · Unknown · Shihuo Ios
Name of the Vulnerable Software and Affected Versions: Shihuo iOS version 8.16.0 Description: The issue allows attackers to access sensitive user information by supplying a crafted link. This enables unauthorized access to confidential data. Recommendations: For Shihuo iOS version 8.16.0, conside...
PT-2025-3365 · Unknown · Guazi Used Car
Name of the Vulnerable Software and Affected Versions: Guazi Used Car iOS version 10.15.1 Description: The issue allows attackers to access sensitive user information by supplying a crafted link. This enables unauthorized access to confidential user data. Recommendations: For Guazi Used Car iOS...
AZL-55652 CVE-2024-52006 affecting package git for versions less than 2.40.4-1
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems mos...
CVE-2024-49362
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on a link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...
PT-2024-9654 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to insufficient protection of the web page structure in Adobe Experience Manager, which could allow a remote attacker to execute arbitrary code. This is a...
PT-2024-29572 · Tracks · Tracks
Name of the Vulnerable Software and Affected Versions: Tracks versions prior to 2.7.1 Description: The issue allows for reflected cross-site scripting, which enables the execution of malicious JavaScript in the context of a user's browser if that user clicks on a malicious link. This can lead to...
Frappe Technologies Frappe 安全漏洞
Frappe Technologies Frappe is a Python, MariaDB-based web development framework with integrated front-end pages from Frappe Technologies, India. Frappe Technologies Frappe has a security vulnerability that originates from allowing redirects to untrusted external URLs, which can be used for phishing by...
PT-2024-21332 · Unknown · Focus For Ios
Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 123 Description: This issue allows an attacker to conduct a Universal Cross-Site Scripting (UXSS) attack on a victim website using a 302 redirect, provided the victim has a link to the attacker's website...
PT-2024-20541 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.0 Description: The issue affects JumpServer, an open source bastion host and operation and maintenance security audit system. Attackers can exploit this to construct malicious links, leading users to click on...
PT-2024-1554 · Sap · Sap Marketing
Name of the Vulnerable Software and Affected Versions: SAP Marketing Contacts App version 160 Description: The issue is related to a URL redirection vulnerability in the Contacts App component of the SAP Marketing system, which can be exploited by a remote attacker to conduct a phishing attack...
Meetup Tag Security Vulnerability
Meetup Tag is a MediaWiki plugin. A security vulnerability exists in version 0.1 of the Meetup Tag extension for MediaWiki, which stems from some unknown handling in the component Link Attribute Handler, which can be used to access web links to untrusted targets via window.opener...
PT-2023-10829 · Mediawiki · Glb Meetup Tag Extension
Name of the Vulnerable Software and Affected Versions: glb Meetup Tag Extension version 0.1 Description: A vulnerability was found in the glb Meetup Tag Extension on MediaWiki, affecting the Link Attribute Handler component. The issue leads to the use of a web link to an untrusted target with...
SUSE CVE-2023-32758
giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package, for example, to check whether it accesses any Git...
GHSA-4XQQ-73WG-5MJP: git-url-parse Regular Expression Denial of Service
giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package, for example, to check whether it accesses any Git...