68 matches found
EUVD-2025-30402
Malicious code in bioql PyPI...
EUVD-2025-10058
Malicious code in bioql PyPI...
EUVD-2025-25741
Malicious code in bioql PyPI...
CVE-2025-10787
A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has bee...
PT-2025-38694
Name of the Vulnerable Software and Affected Versions: MuYuCMS versions prior to 2.7. Description: A server-side request forgery condition exists in MuYuCMS. The issue is located in an unknown function within the /index/index.html file of the Add Fiend Link Handler component. Manipulation of the Lin...
MuYuCMS Security Vulnerability
MuYuCMS is a lightweight open source content management system by MuYuCMS. A security vulnerability exists in MuYuCMS 2.7 and earlier versions, which stems from the incorrect manipulation of the parameter Link URL of the component Add Fiend Link Handler in the file /index/index.html,...
CVE-2025-10472 harry0703 MoneyPrinterTurbo URL video.py stream_video path traversal
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument filepath leads to path traversal. The attack can be...
CVE-2025-9414
A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in server-side request forgery. Remote...
Linux Distros Unpatched Vulnerability : CVE-2017-17520
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tools/urlhandler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...
CVE-2025-55733 DeepChat One-click Remote Code Execution through Custom URL Handling
DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...
CVE-2025-54063 Cherry Studio One-click Remote Code Execution Vulnerability through Custom URL Handling
Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...
Linux Distros Unpatched Vulnerability : CVE-2019-9794
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This coul...
Cursor Operating System Command Injection Vulnerability
Cursor is an AI code editor from Cursor open source. An operating system command injection vulnerability exists in Cursor versions 1.17 through 1.2, which stems from an information disclosure in the MCP deep link handler that could lead to arbitrary system command execution...
The vulnerability of the Link Handler component in the Mozilla Firefox browser allows a hacker to circumvent existing security restrictions.
The vulnerability of the Link Handler component in the Mozilla Firefox browser is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
CVE-2025-3691
A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-3691 mirweiye Seven Bears Library CMS Add Link server-side request forgery
A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...
Seven Bears Library CMS Security Vulnerability
Seven Bears Library CMS is a content management system by individual developer mirweiye. A security vulnerability exists in Seven Bears Library CMS version 2023, which stems from the Add Link Handler component being susceptible to server-side request forgery attacks...
CVE-2025-3386
A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /adminlinks of the component Friendship Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The...