CVE-2026-8993

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...

EUVD-2026-33493

A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...

CVE-2026-5016

CVE-2026-5016 affects elecV2 elecV2P up to 3.8.3. The vulnerability lies in the eAxios function in the /mock/URL Handler, where improper handling of the req argument allows server-side request forgery (SSRF). Exploitation is possible remotely, and a public exploit exists. The project was alerted ...

CVE-2026-2940 Zaher1307 tiny_web_server URL tiny.c out-of-bounds write

A vulnerability was determined in Zaher1307 tinywebserver up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tinywebserver/tiny.c of the file tinywebserver/tiny.c of the component URL Handler. This manipulation causes out-of-bounds write. The attack can be initiated remotel...

PT-2026-21427

Name of the Vulnerable Software and Affected Versions Zaher1307 tiny web server versions prior to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b Description A flaw exists in the URL Handler component of Zaher1307 tiny web server. This issue allows for an out-of-bounds write, potentially enabling remote...

CVE-2026-2141

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization...

uCrop 代码问题漏洞

uCrop is an Android image cropping library open-sourced by Yalantis. A code issue vulnerability exists in uCrop version 2.2.11, which stems from a flaw in the function downloadFile in the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler, which could lead to server-sid...

PT-2025-50608

A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. The...

EUVD-2025-32528

A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing manipulation of the argument PHPSELF can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly...

CVE-2025-8535

A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the component xrb URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...

The vulnerability of the URL Handler component in the Zimbra Collaboration Suite email management system allows attackers to execute arbitrary code, as a result of insufficient measures taken to protect the structure of the web page.

The vulnerability of the URL Handler component in the Zimbra Collaboration Suite corporate email management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created...

The vulnerability of the URL Handler component in SAP Companion software for interactive user training allows a attacker to carry out XSS attacks.

The vulnerability of the URL Handler component in SAP Companion’s interactive user training software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVE-2023-3843

A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is...