CVE-2026-33335

CVE-2026-33335 affects Vikunja Desktop (Electron wrapper). From version 0.21.0 up to before 2.2.0, the wrapper forwards URLs from window.open() directly to shell.openExternal() without validation or protocol allowlisting. This enables an attacker who can inject a link that triggers window.open (e...

EUVD-2025-24161

Malicious code in bioql PyPI...

CVE-2019-12805

NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This...

CVE-2019-12805

NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This...

PT-2019-12955 · Cncsoft · Ncsoft Game Launcher +1

Name of the Vulnerable Software and Affected Versions: NCSOFT Game Launcher, NC Launcher2 versions 2.4.1.691 and earlier Description: The issue is related to a vulnerability in the custom protocol handler, which could allow a remote attacker to execute arbitrary commands. This requires user...

CVE-2019-6453

mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling Chrome is not exploitable...