CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

185 matches found

GithubExploit•added 5 days ago•55 views

Exploit for CVE-2026-26897

EcoOnline EHS Android — Deep Link Validation Bypass → WebVie...

6AI score

Exploits1

Vulnrichment•added 6 days ago•6 views

CVE-2026-8993 Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacks

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...

6.5CVSS5.8AI score0.00033EPSS

Exploits0References2

NVD•added 2026/05/01 4:16 p.m.•2 views

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

4.3CVSS0.00011EPSS

Exploits0References2

CNNVD•added 2026/05/01 12:0 a.m.•8 views

Facebook WhatsApp 安全漏洞

Facebook WhatsApp is a suite of Android-based mobile applications from Facebook, Inc. in the United States that utilize the Internet to deliver text messages. The application uses the contact information in a smartphone to find contacts using the software to send texts, pictures, and more. A...

4.3CVSS5.9AI score0.00011EPSS

Exploits0References1

OSV•added 2026/04/21 5:15 p.m.•0 views

GHSA-JJ38-H5W5-MVPF October CMS: Reflected XSS via DataTable Form Widget

A reflected Cross-Site Scripting XSS vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. Impact - Reflected XSS only, no stored/persistent component - The backend URL prefix is customizable and must be known or guessed ...

3.1CVSS5.7AI score0.00036EPSS

Exploits0References3

OSV•added 2026/03/10 9:4 p.m.•2 views

GHSA-F45G-68Q3-5W8X Elysia has a string URL format ReDoS

Impact t.String format: 'url' is vulnerable to redos Repeating a partial url format protocol and hostname multiple times cause regex to slow down significantly js 'http://a'.repeatn Here's a table demonstrating how long it takes to process repeated partial url format | n repeat | elapsedms | | --...

7.5CVSS5.9AI score0.00027EPSS

Exploits1References4

Vulnrichment•added 2026/03/02 6:55 p.m.•2 views

CVE-2026-21853 AFFiNE: One-click Remote Code Execution through Custom URL Handling

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...

8.8CVSS6.6AI score0.00288EPSS

Exploits1References3

Cvelist•added 2026/03/02 6:55 p.m.•17 views

CVE-2026-21853 AFFiNE: One-click Remote Code Execution through Custom URL Handling

8.8CVSS0.00288EPSS

Exploits1References3

Positive Technologies•added 2026/03/02 12:0 a.m.•4 views

PT-2026-22689

Name of the Vulnerable Software and Affected Versions AFFiNE versions prior to 0.25.4 Description AFFiNE is an open-source workspace and operating system. Versions prior to 0.25.4 contain a one-click remote code execution issue. An attacker can exploit this by embedding a specially crafted affine...

8.8CVSS6.7AI score0.00288EPSS

Exploits1References9

RedhatCVE•added 2026/01/24 3:17 a.m.•6 views

CVE-2025-67230

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation...

7.1CVSS5.4AI score0.00019EPSS

Exploits0References1

OSV•added 2026/01/23 5:16 p.m.•2 views

CVE-2025-67230

7.1CVSS5.8AI score0.00019EPSS

Exploits0References2

Vulnrichment•added 2026/01/23 12:0 a.m.•3 views

CVE-2025-67230

5.4AI score0.00019EPSS

Exploits0References2

Cvelist•added 2026/01/23 12:0 a.m.•24 views

CVE-2025-67230

0.00019EPSS

Exploits0References2

ATTACKERKB•added 2026/01/23 12:0 a.m.•3 views

CVE-2025-67230

7.1CVSS5.9AI score0.00019EPSS

Exploits0References3

CVE•added 2026/01/23 12:0 a.m.•5 views

CVE-2025-67230

The CVE-2025-67230 issue affects ToDesktop Builder v0.33.0, where improper permissions in the Custom URL Scheme handler allow attackers with renderer-context access to invoke external protocol handlers without sufficient validation. This creates a risk of abuse via unvalidated external protocol i...

7.1CVSS5.4AI score0.00019EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/01/09 12:31 p.m.•3 views

CVE-2023-40530

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device...

4.7CVSS6.8AI score0.00077EPSS

Exploits0References1

CVE•added 2026/01/05 5:37 p.m.•7 views

CVE-2025-55204

The CVE-2025-55204 entry concerns the Muffon desktop music client. Affected versions are prior to 2.3.0, where a one-click Remote Code Execution (RCE) vulnerability exists via a specially crafted muffon:// link. When a user visits a page or clicks the link, Muffon’s custom URL handler is triggere...

9.6CVSS6.7AI score0.0029EPSS

Exploits1References3Affected Software1