53 matches found
CVE-2026-45035
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...
PT-2026-41320
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...
Astra Linux - уязвимость в firefox
Firefox typically asks for confirmation before requesting the operating system to find an application to handle schemes that the browser does not support. It did not ask for confirmation before handling Usenet-related schemes such as news: and snews:. Since most operating systems do not have a...
CVE-2026-30797 RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server
Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, config import modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...
CVE-2026-30797
Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, config import modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...
CVE-2026-30791
CVE-2026-30791 affects RustDesk Client up to version 1.4.5 across Windows, macOS, Linux, iOS, Android, and WebClient. The issue stems from use of a broken or risky cryptographic algorithm in config import, URI scheme handler, and CLI --config modules, enabling retrieval of embedded sensitive data...
CVE-2026-30791 RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...
PT-2026-23451
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...
PT-2026-4497
Name of the Vulnerable Software and Affected Versions ToDesktop Builder version 0.33.0 Description A flaw exists in the Custom URL Scheme handler within ToDesktop Builder. Insufficient validation when invoking external protocol handlers from the renderer context allows attackers with...
ToDesktop Builder security vulnerabilities
ToDesktop Builder is a desktop application building tool developed by ToDesktop Company in Ireland. Version 0.33.0 of ToDesktop Builder contains a security vulnerability. This vulnerability stems from improper permissions granted to the custom URL scheme handler, which may allow attackers to invo...
EUVD-2025-16275
Malicious code in bioql PyPI...
CVE-2025-54374 Eidos: One-click Remote Code Execution through Custom URL Handling
Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, including a malicious one they control. When a...
PT-2025-36110
Name of the Vulnerable Software and Affected Versions: Yahoo! Shopping App for Android versions prior to 14.15.0 Description: Improper authorization in the handler for a custom URL scheme in the Yahoo! Shopping App for Android may allow a remote, unauthenticated attacker to redirect a user to an...
CVE-2025-49091
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...
CVE-2025-5186
A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request...
CVE-2025-5186 thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery
A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request...
CVE-2025-5186 thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery
A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request...
CVE-2025-5186
CVE-2025-5186 affects thinkgem JeeSite up to 5.11.1. The vulnerability concerns ResourceLoader.getResource in the URI Scheme Handler, specifically the /cms/fileTemplate/form component, where manipulating the Name parameter leads to server-side request forgery (SSRF). The issue can be exploited re...
DEBIAN-CVE-2024-8383
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader...
UBUNTU-CVE-2024-8383
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader...