CVE-2026-45037

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

Electerm users can run dangrous code through link or command line

Impact Arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Affected users: electerm installs that accept protocol URLs or CLI options affected versions listed in the original report. Exploit requires clicking a crafted electerm://... link or opening a crafted...

CVE-2026-34767 Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

CVE-2026-34767

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

CVE-2026-34767 Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

GHSA-4P4R-M79C-WQ3V Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Impact Apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or...

PT-2026-29997

Impact Apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or...

SUSE CVE-2026-23398

In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmptagvalidation icmptagvalidation unconditionally dereferences the result of rcudereferenceinetprotosproto without checking for NULL. The inetprotos array is sparse -- only about 15 of 256...

Exploit for CVE-2026-20841

CVE-2026-20841 - Windows Notepad RCE PoC for a remote code ex...

CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: lookup hciconn on RX path on protocol side The hdev lock/lookup/unlock/use pattern in the packet RX path doesn't ensure hciconn is not concurrently modified/deleted. This locking appears to be leftover from...

CYPRESS: Transferring Secrets in the Shadow of Visible Packets

Network steganography and covert communication channels have been studied extensively in the past. However, prior works offer minimal practical use for their proposed techniques and are limited to specific use cases and network protocols. In this paper, we show that covert channels in networking...

Astra Linux - уязвимость в firefox, thunderbird

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

EUVD-2024-46862

Malicious code in bioql PyPI...

EUVD-2024-49913

Malicious code in bioql PyPI...

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

...

Astra Linux - уязвимость в firefox, thunderbird

By checking the results of calls to window.open with specifically configured protocol handlers, an attacker can determine whether the application that implements that protocol handler is installed. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...

firefox: thunderbird: External protocol handlers could be enumerated via popups

The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

CentOS 7 : thunderbird (RHSA-2021:5046)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5046 advisory. - Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported...

firefox: thunderbird: External protocol handlers could be enumerated via popups

The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...