31 matches found

NVD
added 2026/05/05 8:16 p.m. | 4 views

CVE-2026-40280

Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression ^https?:// to match URL schemes. Because Go's net/url.Parse normalizes...

7.8 CVSS | 0.00015 EPSS
Exploits: 1 | References: 3

CNNVD
added 2026/05/05 12:0 a.m. | 6 views

Gotenberg Code Issue Vulnerability

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg 8.30.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the default private-IP deny-list usin...

7.8 CVSS | 5.9 AI score | 0.00015 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 2026/04/03 10:31 p.m. | 0 views

CVE-2026-34229

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

6.1 CVSS | 5.7 AI score | 0.00017 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2026/03/30 8:14 p.m. | 11 views

CVE-2026-27018

CVE-2026-27018 affects Gotenberg and is a case-insensitive URL-scheme bypass of the prior fix for CVE-2024-21527. The root cause is a case-sensitive deny-list regex in Chromium URL handling, allowing mixed-case or uppercase schemes to bypass the deny-list. The issue has been patched in Gotenberg ...

8.8 CVSS | 5.7 AI score | 0.00033 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/05/22 11:34 p.m. | 22 views

CVE-2022-20205

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Version...

5.5 CVSS | 5.5 AI score | 0.00017 EPSS
Exploits: 0 | References: 1

Hacker One
added 2022/10/17 9:53 a.m. | 7 views

Shopify: URL Scheme Validation Bypass in Shopify Mobile App Allows Javascript Execution

A vulnerability in the Shopify mobile application allowed bypassing URL scheme validation in the NavigationActivity component. Attackers could craft malicious URLs using data: or javascript: schemes to execute JavaScript code within the app's webview context...

7.2 AI score
Exploits: 0

OSV
added 2022/06/15 2:15 p.m. | 2 views

CVE-2022-20205

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Version...

5.5 CVSS | 6.8 AI score
Exploits: 0 | References: 1

OSV
added 2022/06/01 12:0 a.m. | 22 views

PUB-A-215212561

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5 CVSS | 6.2 AI score | 0.00017 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2022/01/28 12:0 a.m. | 24 views

Mageia: Security Advisory (MGASA-2019-0318)

The remote host is missing an update for the...

9.8 CVSS | 8.7 AI score | 0.0991 EPSS
Exploits: 4 | References: 7

Tenable Nessus
added 2019/10/15 12:0 a.m. | 258 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0187)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of servic...

9.1 CVSS | 6.6 AI score | 0.0991 EPSS
Exploits: 4 | References: 6

Ubuntu
added 2019/09/10 1:8 p.m. | 140 views

USN-4127-2: Python vulnerabilities

USN-4127-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume...

9.8 CVSS | 7.2 AI score | 0.0991 EPSS
Exploits: 6

Ubuntu
added 2019/09/09 5:22 p.m. | 94 views

USN-4127-1: Python vulnerabilities

It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-20406 It was discovered that Python incorrectly validated t...

9.8 CVSS | 7.2 AI score | 0.0991 EPSS
Exploits: 6

OSV
added 2019/01/04 5:46 p.m. | 0 views

GHSA-M9MQ-P2F9-CFQV Bleach URI Scheme Restriction Bypass

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized...

9.8 CVSS | 7.2 AI score | 0.00511 EPSS
Exploits: 0 | References: 6

Github Security Blog
added 2019/01/04 5:46 p.m. | 47 views

Bleach URI Scheme Restriction Bypass

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized...

9.8 CVSS | 8.8 AI score | 0.00511 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Tenable Nessus
added 2016/11/01 12:0 a.m. | 37 views

FreeBSD : chromium -- multiple vulnerabilities (9118961b-9fa5-11e6-a265-3065ec8fd3ec)

Google Chrome Releases reports: 21 security fixes in this release, including: 645211 High CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous 638615 High CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go of STEALIEN 645122 High CVE-2016-5183: Use after free in PDFium. Credi...

10 CVSS | 7 AI score | 0.00858 EPSS
Exploits: 0 | References: 16

CNVD
added 2016/10/18 12:0 a.m. | 3 views

Google Chrome Scheme Bypass Vulnerability

Google Chrome is a popular web browser. Google Chrome has a security flaw. An attacker can exploit the vulnerability to bypass security restrictions...

4.3 CVSS | 9.1 AI score | 0.00275 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2016/10/17 8:42 a.m. | 5 views

chromium-browser: scheme bypass

Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages...

4.3 CVSS | 7.4 AI score | 0.00275 EPSS
Exploits: 0 | References: 5

FreeBSD
added 2016/10/12 12:0 a.m. | 39 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 21 security fixes in this release, including: 645211 High CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous 638615 High CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go of STEALIEN 645122 High CVE-2016-5183: Use after free in PDFium. Credit to...

10 CVSS | 0.2 AI score | 0.00858 EPSS
Exploits: 0 | References: 1

OPENSUSE Linux
added 2015/12/17 1:11 p.m. | 46 views

Security update for Chromium (important)

Chromium was updated to 47.0.2526.80 to fix security issues and bugs. The following vulnerabilities were fixed: CVE-2015-6788: Type confusion in extensions CVE-2015-6789: Use-after-free in Blink CVE-2015-6790: Escaping issue in saved pages CVE-2015-6791: Various fixes from internal audits, fuzzin...

10 CVSS | 3.3 AI score | 0.40209 EPSS
Exploits: 6 | References: 2

OPENSUSE Linux
added 2015/12/17 1:10 p.m. | 48 views

Security update for Chromium (important)

Chromium was updated to 47.0.2526.80 to fix security issues and bugs. The following vulnerabilities were fixed: CVE-2015-6788: Type confusion in extensions CVE-2015-6789: Use-after-free in Blink CVE-2015-6790: Escaping issue in saved pages CVE-2015-6791: Various fixes from internal audits, fuzzin...

10 CVSS | 3.3 AI score | 0.40209 EPSS
Exploits: 6 | References: 2