CVE-2026-33335

Vikunja Desktop Electron wrapper risk (CVE-2026-33335). The vulnerability affects Vikunja Desktop prior to 2.2.0, where URLs from window.open() are passed directly to shell.openExternal() without validation or protocol allowlisting. An attacker who can insert a link (e.g., target="_blank" in user...

EUVD-2025-24161

Malicious code in bioql PyPI...

CVE-2019-12805

NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This...

CVE-2019-12805

NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This...

PT-2019-12955 · Cncsoft · Ncsoft Game Launcher +1

Name of the Vulnerable Software and Affected Versions: NCSOFT Game Launcher, NC Launcher2 versions 2.4.1.691 and earlier Description: The issue is related to a vulnerability in the custom protocol handler, which could allow a remote attacker to execute arbitrary commands. This requires user...

CVE-2019-6453

mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling Chrome is not exploitable...