PT-2026-48865

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

CVE-2026-23866

CVE-2026-23866 affects WhatsApp for iOS and Android, in conjunction with Instagram Reels, where incomplete validation of AI-rich response messages could allow a user to trigger processing of media from an arbitrary URL on another user’s device, potentially invoking OS-controlled custom URL scheme...

CVE-2026-34767 Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

Linux Distros Unpatched Vulnerability : CVE-2017-7090

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes...

"@cosme" App fails to restrict custom URL schemes properly

Overview "@cosme" App provided by istyle Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Pantuhong Sorasiri of LAC Co., Ltd. reported this...

"Rakuten Ichiba App" fails to restrict custom URL schemes properly

Overview "Rakuten Ichiba App" provided by Rakuten Group, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Shiga Takuma of BroadBand Security...

"Mercari" App for Android fails to restrict custom URL schemes properly

Overview "Mercari" App for Android by Mercari, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Shiga Takuma of BroadBand Security Inc...

"Rikunabi NEXT" App for Android fails to restrict custom URL schemes properly

Overview "Rikunabi NEXT" App for Android provided by Recruit Co., Ltd. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Nao Komatsu of LAC Co.,...

Nike App fails to restrict custom URL schemes properly

Overview Nike App by Nike, Inc. provides the function to access a requested URL using Custom URL Scheme. The app does not restrict access to the function properly CWE-939 which may be exploited to direct the app to access any sites. Impact A remote attacker may lead a user to access an arbitrary...