CVE-2026-0870

MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges...

CVE-2021-47903

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path...

CVE-2021-47903

LiteSpeed Web Server Enterprise version 5.4.11 has an authenticated command injection vulnerability in the external app configuration interface. A user with administrative privileges can inject shell commands via the Command parameter, enabling remote code execution through path traversal and bas...

CVE-2021-47903 LiteSpeed Web Server Enterprise 5.4.11 - Command Injection

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path...

PT-2026-4516

Name of the Vulnerable Software and Affected Versions LiteSpeed Web Server Enterprise version 5.4.11 Description LiteSpeed Web Server Enterprise version 5.4.11 has an issue where a user with administrative privileges can inject commands into the system. This occurs through the 'Command' parameter...

AgentFlayer 0-click exploit abuses ChatGPT Connectors to Steal 3rd-party app data

AgentFlayer is a critical vulnerability in ChatGPT Connectors. Learn how this zero-click attack uses indirect prompt injection to…...

Mozilla Firefox Security Bypass Vulnerability (CNVD-2025-15500)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which originates from External App Open Prompt for Android can be bypassed and can be exploited by attackers to bypass security restrictions...

CVE-2025-6431

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...

CVE-2025-6431

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which originates from External App Open Prompt for Android can be bypassed and can be exploited by attackers to bypass security restrictions...

PT-2025-12830

Name of the Vulnerable Software and Affected Versions NASA cFS Core Flight System Aquila affected versions not specified Description The issue allows the onboard software to be put into a state that prevents the launch of any external application, resulting in a platform denial of service...

Security Vulnerabilities fixed in Firefox 136 — Mozilla

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could...

CVE-2024-11700

Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox 133 and Thunderbird 133...

UBUNTU-CVE-2024-11700

Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox 133 and Thunderbird 133...

PT-2023-3557 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 25.0.0 through 25.0.7 Nextcloud Server versions 26.0.0 through 26.0.2 Nextcloud Enterprise Server versions 19.0.0 through 19.0.13.9 Nextcloud Enterprise Server versions 20.0.0 through 20.0.14.14 Nextcloud Enterprise...

CVE-2023-25749

Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. This bug only affects Firefox for Android. Other version...

CVE-2023-25749

Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. This bug only affects Firefox for Android. Other version...

CVE-2020-1697

It was found in all keycloak versions before 9.0.0 that links to external applications Application Links in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further...

CVE-2020-5519

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...

Design/Logic Flaw

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...