2 matches found
CVE-2026-21853 AFFiNE: One-click Remote Code Execution through Custom URL Handling
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...
CVE-2025-55204
The CVE-2025-55204 entry concerns the Muffon desktop music client. Affected versions are prior to 2.3.0, where a one-click Remote Code Execution (RCE) vulnerability exists via a specially crafted muffon:// link. When a user visits a page or clicks the link, Muffon’s custom URL handler is triggere...