42 matches found
CVE-2026-21853 AFFiNE: One-click Remote Code Execution through Custom URL Handling
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...
CVE-2025-55204
muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution RCE vulnerability in. An attacker can exploit this issue by embedding a specially crafted muffon:// link on any website they control. When a victim visits the site or clic...
CVE-2025-55204 muffon has One-click Remote Code Execution via XSS and Custom URL Handling
muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution RCE vulnerability in. An attacker can exploit this issue by embedding a specially crafted muffon:// link on any website they control. When a victim visits the site or clic...
CVE-2025-55204 muffon has One-click Remote Code Execution via XSS and Custom URL Handling
muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution RCE vulnerability in. An attacker can exploit this issue by embedding a specially crafted muffon:// link on any website they control. When a victim visits the site or clic...
CVE-2025-62119
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ViitorCloud Technologies Pvt Ltd Add Featured Image Custom Link custom-url-to-featured-image allows DOM-Based XSS.This issue affects Add Featured Image Custom Link: from n/a through = 2.0.0...
CVE-2025-62119
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ViitorCloud Technologies Pvt Ltd Add Featured Image Custom Link custom-url-to-featured-image allows DOM-Based XSS.This issue affects Add Featured Image Custom Link: from n/a through = 2.0.0...
CVE-2025-62119 WordPress Add Featured Image Custom Link plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ViitorCloud Technologies Pvt Ltd Add Featured Image Custom Link custom-url-to-featured-image allows DOM-Based XSS.This issue affects Add Featured Image Custom Link: from n/a through = 2.0.0...
EUVD-2025-205960
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ViitorCloud Technologies Pvt Ltd Add Featured Image Custom Link allows DOM-Based XSS.This issue affects Add Featured Image Custom Link: from n/a through 2.0.0...
WordPress Add Featured Image Custom Link plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Add Featured Image Custom Link versions = 2.0.0...
WordPress plugin Add Featured Image Custom Link 跨站脚本漏洞
...
PT-2025-54329
Name of the Vulnerable Software and Affected Versions ViitorCloud Technologies Pvt Ltd Add Featured Image Custom Link versions through 2.0.0 Description The software contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting XSS condition. Thi...
EUVD-2020-13193
Malware in sbrugna...
EUVD-2024-0528
Malicious code in bioql PyPI...
CVE-2025-55733 DeepChat One-click Remote Code Execution through Custom URL Handling
DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...
CVE-2025-55733 DeepChat One-click Remote Code Execution through Custom URL Handling
DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...
CVE-2025-54063
Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...
CVE-2025-54063
Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...
CVE-2025-54063 Cherry Studio One-click Remote Code Execution Vulnerability through Custom URL Handling
Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...
CVE-2025-54063
CVE-2025-54063 affects Cherry Studio desktop client (versions 1.4.8–1.5.0) due to improper handling of custom URLs, enabling remote code execution when a user clicks a crafted link or visits a malicious site. The underlying vulnerability is triggered by the app’s custom URL handler, leading to co...
CVE-2025-54063 Cherry Studio One-click Remote Code Execution Vulnerability through Custom URL Handling
Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...