EUVD-2026-36668

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

CVE-2026-21853 AFFiNE: One-click Remote Code Execution through Custom URL Handling

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...

CVE-2025-55204

muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution RCE vulnerability in. An attacker can exploit this issue by embedding a specially crafted muffon:// link on any website they control. When a victim visits the site or clic...

CVE-2025-55204 muffon has One-click Remote Code Execution via XSS and Custom URL Handling

muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution RCE vulnerability in. An attacker can exploit this issue by embedding a specially crafted muffon:// link on any website they control. When a victim visits the site or clic...

CVE-2025-55204 muffon has One-click Remote Code Execution via XSS and Custom URL Handling

muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution RCE vulnerability in. An attacker can exploit this issue by embedding a specially crafted muffon:// link on any website they control. When a victim visits the site or clic...

CVE-2025-62119

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ViitorCloud Technologies Pvt Ltd Add Featured Image Custom Link custom-url-to-featured-image allows DOM-Based XSS.This issue affects Add Featured Image Custom Link: from n/a through = 2.0.0...

CVE-2025-62119

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ViitorCloud Technologies Pvt Ltd Add Featured Image Custom Link custom-url-to-featured-image allows DOM-Based XSS.This issue affects Add Featured Image Custom Link: from n/a through = 2.0.0...

EUVD-2025-205960

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ViitorCloud Technologies Pvt Ltd Add Featured Image Custom Link allows DOM-Based XSS.This issue affects Add Featured Image Custom Link: from n/a through 2.0.0...

CVE-2025-62119 WordPress Add Featured Image Custom Link plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ViitorCloud Technologies Pvt Ltd Add Featured Image Custom Link custom-url-to-featured-image allows DOM-Based XSS.This issue affects Add Featured Image Custom Link: from n/a through = 2.0.0...

WordPress Add Featured Image Custom Link plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Add Featured Image Custom Link versions = 2.0.0...

PT-2025-54329

Name of the Vulnerable Software and Affected Versions ViitorCloud Technologies Pvt Ltd Add Featured Image Custom Link versions through 2.0.0 Description The software contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting XSS condition. Thi...

WordPress plugin Add Featured Image Custom Link 跨站脚本漏洞

...

EUVD-2020-13193

Malware in sbrugna...

EUVD-2024-0528

Malicious code in bioql PyPI...

CVE-2025-55733 DeepChat One-click Remote Code Execution through Custom URL Handling

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...

CVE-2025-55733 DeepChat One-click Remote Code Execution through Custom URL Handling

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...

CVE-2025-54063

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...

CVE-2025-54063

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...

CVE-2025-54063 Cherry Studio One-click Remote Code Execution Vulnerability through Custom URL Handling

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...

CVE-2025-54063 Cherry Studio One-click Remote Code Execution Vulnerability through Custom URL Handling

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...