24 matches found
CVE-2026-42184 Tauri: Origin Confusion Allows Remote Pages to Invoke Local-Only IPC Commands
Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...
RLSA-2025:1915 Important: emacs security update
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme CVE-2025-1244 For...
Important: Red Hat Security Advisory: emacs security and bug fix update
An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Important: emacs security update
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme CVE-2025-1244 For...
CVE-2025-1244
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...
CVE-2025-1244 Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...
CVE-2025-1244
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...
CVE-2025-1244 Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...
CVE-2025-1244
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. Mitigatio...
GHSA-HVXG-77MG-VRVP Mattermost Desktop App Remote Code Execution
Mattermost Desktop App versions =5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes...
CVE-2024-37182
Mattermost Desktop App versions =5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes...
CVE-2024-37182 Lack of permissions prompting when opening external URLs
Mattermost Desktop App versions =5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes...
PT-2024-27360 · Mattermost · Mattermost Desktop App
Name of the Vulnerable Software and Affected Versions: Mattermost Desktop App versions =5.7.0 Description: The issue allows a remote attacker to force a victim to run arbitrary programs on their system via custom URI schemes, due to the application's failure to correctly prompt for permission whe...
CVE-2020-14049
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...
May 29, 2019—KB4497935 (OS Build 18362.145)
May 29, 2019—KB4497935 OS Build 18362.145 Improvements and fixes This update includes quality improvements. Key changes include: Addresses an issue in which Device-S4 may be applied unexpectedly while the system is using AC power. For more information, see Device-S4 may be applied unexpectedly...
EA Origin < 10.5.38 - Remote Code Execution Vulnerability
Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...
EA Origin Remote Code Execution
Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...
April 9, 2019—KB4493451 (Monthly Rollup)
April 9, 2019—KB4493451 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4489920 released March 19, 2019 and addresses the following issues: Addresses an issue that causes the error "0x3Bc0000005win32k!vSetPointer" when the...
April 9, 2019—KB4493475 (OS Build 10240.18186)
April 9, 2019—KB4493475 OS Build 10240.18186 Improvements and fixes This update includes quality improvements. Key changes include: Addresses an issue that may cause applications that use MSXML6 to stop responding if an exception was thrown during node operations. Addresses an issue that causes t...
March 12, 2019—KB4489886 (OS Build 16299.1029)
March 12, 2019—KB4489886 OS Build 16299.1029 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change plea...