CVE-2025-3839

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this...

CVE-2025-3839 Epiphany: insecure external protocol invocation in epiphany

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this...

CVE-2025-0549 Authentication Bypass Using an Alternate Path or Channel in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through...

CVE-2023-50231

NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploi...

CVE-2023-42034 Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability

Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user interaction is required to exploit this...

kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction

A flaw was found in the KDE Frameworks KConfig prior to version 5.61.0. Certain syntax commands were allowed in .desktop, .directory, and configuration files to allow flexible configurations with the desktop environment. An attacker could add malicious code to a file that a user would...

Remote Code Execution (RCE)

The K Desktop Environment KDE aka kdelibs is vulnerable to Remote Code Execution RCE. It is due to malicious desktop files and configuration files leading to code execution with minimal user interaction...

UBUNTU-CVE-2019-14744

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...

Fedora Update for webkitgtk4 FEDORA-2018-93ba62d099

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Office ClickOnce Unsafe Execution

Added: 01/16/2012 CVE: CVE-2012-0013 BID: 51284 OSVDB: 78207 Background ClickOnce is a deployment technology that allows developers to create self-updating Windows-based applications that can be installed and run with minimal user interaction. A ClickOnce application is any Windows Presentation...