8 matches found

Cvelist
added 2026/03/02 6:55 p.m., 16 views

CVE-2026-21853 AFFiNE: One-click Remote Code Execution through Custom URL Handling

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...

CVSS: 8.8, EPSS: 0.00288
Exploits: 1, References: 3

Positive Technologies
added 2026/03/02 12:0 a.m., 3 views

PT-2026-22689

Name of the Vulnerable Software and Affected Versions: AFFiNE versions prior to 0.25.4. Description: AFFiNE is an open-source workspace and operating system. Versions prior to 0.25.4 contain a one-click remote code execution issue. An attacker can exploit this by embedding a specially crafted affine...

CVSS: 8.8, AI score: 6.7, EPSS: 0.00288
Exploits: 1, References: 9

Cvelist
added 2025/10/03 8:0 p.m., 5 views

CVE-2025-54374 Eidos: One-click Remote Code Execution through Custom URL Handling

Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, including a malicious one they control. When a...

CVSS: 8.8, EPSS: 0.00354
Exploits: 1, References: 1

RedhatCVE
added 2025/09/05 4:22 a.m., 4 views

CVE-2025-58176

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...

CVSS: 8.8, AI score: 8.2, EPSS: 0.00587
Exploits: 1, References: 1

Positive Technologies
added 2025/09/03 12:0 a.m., 3 views

PT-2025-35657

Name of the Vulnerable Software and Affected Versions: Dive versions 0.9.0 through 0.9.3. Description: Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Versions 0.9.0 through 0.9.3 contain a Remote Code Execution (RCE) vulnerability triggered by ...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00587
Exploits: 1, References: 12

Amazon
added 2025/04/01 12:0 a.m., 6 views

Important: thunderbird

Issue Overview: Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100. CVE-2022-29912 The parent process would not properly check whether the Speech Synthesis feature is...

CVSS: 8.1, AI score: 8.8, EPSS: 0.00912
Exploits: 2

NVD
added 2021/07/14 2:15 a.m., 10 views

CVE-2021-20747

Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

CVSS: 4.3, EPSS: 0.00412
Exploits: 0, References: 2

NVD
added 2002/03/15 5:0 a.m., 12 views

CVE-2002-0070

Buffer overflow in Windows Shell used as the Windows Desktop allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled...

CVSS: 7.6, AI score: 7.7, EPSS: 0.3229
Exploits: 1, References: 7