79 matches found

OSV
added 2025/01/14 7:20 p.m., 1 view

CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 4.3, AI score 6.5, EPSS 0.00472
Exploits: 0, References: 4

Snyk
added 2025/01/14 3:42 p.m., 1 view

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the backend user interface functionality involving deep links. An attacker can manipulate the state-changing actions and trigger unauthorized commands by deceiving a victim into interacting with a...

CVSS 8.5, AI score 7.1, EPSS 0.00705
Exploits: 0, References: 2

Snyk
added 2025/01/14 3:40 p.m., 1 view

Exposed Dangerous Method or Function

Overview: Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate the state-changing actions and delete items by sending a crafted URL to a logged-in user. Note: This is...

CVSS 5.1, AI score 6.9, EPSS 0.00472
Exploits: 0, References: 2

Snyk
added 2025/01/14 3:40 p.m., 1 view

Exposed Dangerous Method or Function

Overview: typo3/cms-form is a Form Library, Plugin and Editor. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate or delete persisted form definitions by deceiving a...

CVSS 5.4, AI score 6.9, EPSS 0.00189
Exploits: 0, References: 2

Snyk
added 2025/01/14 3:40 p.m., 2 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the backend user interface functionality involving deep links. An attacker can manipulate the session and perform unauthorized actions. Note: This is only exploitable if the...

CVSS 8.8, AI score 7, EPSS 0.02894
Exploits: 0, References: 2

Snyk
added 2025/01/14 3:25 p.m., 1 view

Exposed Dangerous Method or Function

Overview: Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate the victim's dashboard configuration by deceiving the victim into interacting with a malicious URL while...

CVSS 5.1, AI score 6.9, EPSS 0.00472
Exploits: 0, References: 2

Positive Technologies
added 2025/01/14 12:00 a.m., 2 views

PT-2025-3145 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS; TYPO3 versions prior to 12.4.25 LTS; TYPO3 versions prior to 13.4.3 LTS. Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

CVSS 4.3, AI score 7, EPSS 0.0023
Exploits: 0, References: 12

Positive Technologies
added 2025/01/14 12:00 a.m., 1 view

PT-2025-3151 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS; TYPO3 versions prior to 12.4.25 LTS; TYPO3 versions prior to 13.4.3 LTS. Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

CVSS 4.3, AI score 6.8, EPSS 0.00472
Exploits: 0, References: 9

CNNVD
added 2024/10/29 12:00 a.m., 1 view

Mozilla Focus security vulnerability

Mozilla Focus is an American browser from the Mozilla Foundation for iOS devices. A security vulnerability exists in versions prior to Mozilla Focus 132, which stems from an application scheme that allows internal links to exploit deep links, potentially bypassing URL security checks...

CVSS 9.1, AI score 6.3, EPSS 0.00297
Exploits: 0, References: 2

CNNVD
added 2024/08/24 12:00 a.m., 2 views

TikTok security vulnerability

Bytedance TikTok Jieyin International Version is an application for creating and sharing short videos by Chinese company Bytedance. A security vulnerability exists in TikTok versions prior to 34.5.5 that stems from allowing traversal of the Lynxview JavaScript interface via deep links...

CVSS 7.4, AI score 6.7, EPSS 0.00233
Exploits: 0, References: 2

Positive Technologies
added 2024/06/11 12:00 a.m., 1 view

PT-2024-5070 · Mcafee · Mcafee Security: Antivirus Vpn For Android

Name of the Vulnerable Software and Affected Versions: McAfee Security: Antivirus VPN for Android versions prior to 8.3.0. Description: The issue is related to improper exception handling, which could allow an attacker to cause a denial of service through the use of a malformed deep link. This can...

CVSS 6.5, AI score 7.3, EPSS 0.00182
Exploits: 0, References: 8

CNNVD
added 2024/04/16 12:00 a.m., 1 view

Mattermost Mobile Apps security vulnerability

Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps version 2.13.0 and earlier, which stems from the use of polynomial regular expressions to parse certain deep links, allowing an unauthenticated, remote attacker ...

CVSS 6.5, AI score 6.8, EPSS 0.00448
Exploits: 0, References: 2

CNNVD
added 2024/03/05 12:00 a.m., 1 view

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices, which originates from a lack of appropriate interactions to open deep links in the Samsung Internet...

CVSS 5.4, AI score 6.7, EPSS 0.00129
Exploits: 0, References: 2

NVD
added 2024/01/04 3:15 p.m., 7 views

CVE-2024-21625

SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...

CVSS 8.8, AI score 9.1, EPSS 0.00886
Exploits: 0, References: 1

Prion
added 2024/01/04 3:15 p.m., 77 views

Remote code execution

SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...

CVSS 6.8, AI score 8.1, EPSS 0.00886
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2024/01/04 2:48 p.m., 3 views

CVE-2024-21625 One-click remote code execution via malicious deep link

SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...

CVSS 8.8, AI score 8.8, EPSS 0.00886
Exploits: 0, References: 3

CVE
added 2024/01/04 2:48 p.m., 95 views

CVE-2024-21625

CVE-2024-21625 affects SideQuest desktop (pre-0.10.35). The vulnerability stems from improper sanitization of deep link URLs (sidequest://) in the Electron app, allowing a one-click remote code execution when a device is connected and a user clicks a malicious link from within the app. As of vers...

CVSS 8.8, AI score 8.9, EPSS 0.00886
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2024/01/04 12:00 a.m., 1 view

PT-2024-18977 · Sidequest · Sidequest

Name of the Vulnerable Software and Affected Versions: SideQuest versions prior to 0.10.35. Description: The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Due to improper sanitization of deep link URLs...

CVSS 8.8, AI score 8.9, EPSS 0.00886
Exploits: 0, References: 6

NVD
added 2023/12/12 2:15 a.m., 21 views

CVE-2023-6542

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL...

CVSS 7.1, EPSS 0.00029
Exploits: 1, References: 2

OSV
added 2023/12/12 2:15 a.m., 6 views

CVE-2023-6542

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL...

CVSS 7.1, AI score 6
Exploits: 0, References: 2