EUVD-2020-26784
Malware in sbrugna...
EUVD-2021-8189
Malicious code in bioql PyPI...
EUVD-2023-43230
Malicious code in bioql PyPI...
EUVD-2022-53133
Malicious code in bioql PyPI...
EUVD-2024-52242
Malicious code in bioql PyPI...
EUVD-2024-20892
Malicious code in bioql PyPI...
CVE-2024-25559
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...
CVE-2023-39507
Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website...
CVE-2024-54014
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application to access an arbitrary web site via another application installed on the user's device...
CVE-2023-40530
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device...
CVE-2023-39507
The CVE-2023-39507 entry concerns the Android app “Rikunabi NEXT” by Recruit. The vulnerability is in the app’s Custom URL Scheme handler, enabling improper authorization that can cause the app to navigate a user to an arbitrary website. Affected versions are the Android versions prior to ver. 11.5.0. The roo...
JVN#89126639: Nike App fails to restrict custom URL schemes properly
Nike App by Nike, Inc. provides the function to access a requested URL using Custom URL Scheme. The app does not restrict access to the function properly (CWE-939), which may be exploited to direct the app to access any site. Impact: A remote attacker may lead a user to access an arbitrary website v...
CVE-2021-20733
Improper authorization in handler for custom URL scheme vulnerability in あすけんダイエット asken diet for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...
CVE-2021-20733
CVE-2021-20733 concerns Asken Diet (Android) where improper authorization in the handler for a custom URL scheme allows a remote attacker to steer a user to an arbitrary website via the vulnerable app. Affected versions are v3.0.0 through v4.2.x. The root cause is insufficient access control arou...
Hot Pepper Gourmet App fails to restrict access permissions
Overview: Hot Pepper Gourmet App provided by Recruit Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability (CWE-284) that may allow the vulnerable App to receive a request from an arbitrary App and execut...
Code injection
NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...