Lucene search
K

61 matches found

AlpineLinux
AlpineLinux
added 2025/06/11 1:15 a.m.4 views

CVE-2025-49091

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...

8.2CVSS8.6AI score0.00551EPSS
Exploits0References7
OSV
OSV
added 2025/05/26 1:15 p.m.2 views

CVE-2025-5186

A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request...

8.8CVSS6.9AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/26 1:0 p.m.9 views

CVE-2025-5186 thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery

A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request...

6.5CVSS6.4AI score0.00387EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/05/26 1:0 p.m.11 views

CVE-2025-5186 thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery

A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request...

6.5CVSS0.00387EPSS
Exploits1References4
CVE
CVE
added 2025/05/26 1:0 p.m.52 views

CVE-2025-5186

CVE-2025-5186 affects thinkgem JeeSite up to 5.11.1. The vulnerability concerns ResourceLoader.getResource in the URI Scheme Handler, specifically the /cms/fileTemplate/form component, where manipulating the Name parameter leads to server-side request forgery (SSRF). The issue can be exploited re...

8.8CVSS6.5AI score0.00387EPSS
Exploits1References4Affected Software1
AstraLinux
AstraLinux
added 2024/11/23 3:4 a.m.5 views

Astra Linux – Vulnerability in Firefox

Firefox typically asks for confirmation before requesting the operating system to find an application to handle schemes that the browser does not support. It did not ask for confirmation before handling Usenet-related schemes like news: and snews:. Since most operating systems do not have a trust...

7.5CVSS7.2AI score0.00637EPSS
Exploits0References3
OSV
OSV
added 2024/09/03 1:15 p.m.3 views

DEBIAN-CVE-2024-8383

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader...

7.5CVSS8.2AI score0.00637EPSS
Exploits0References1
OSV
OSV
added 2024/09/03 1:15 p.m.3 views

UBUNTU-CVE-2024-8383

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader...

7.5CVSS7.2AI score0.00637EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/06/19 12:0 a.m.3 views

PT-2024-26422 · Unknown · Zozotown App For Android

Name of the Vulnerable Software and Affected Versions: ZOZOTOWN App for Android versions prior to 7.39.6 Description: The issue is related to improper authorization in the handler for a custom URL scheme, which allows an attacker to lead a user to access an arbitrary website via another applicati...

4.3CVSS7.1AI score0.00289EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.3 views

SUSE CVE-2011-1709

GNOME Display Manager gdm before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type...

7.2CVSS7.2AI score0.00432EPSS
Exploits0References3
OSV
OSV
added 2022/03/28 9:15 p.m.4 views

CVE-2017-20012

A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This...

5.5CVSS4.9AI score0.0029EPSS
Exploits0References3
NVD
NVD
added 2022/03/28 9:15 p.m.24 views

CVE-2017-20012

A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This...

5.5CVSS0.0029EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/03/28 8:45 p.m.27 views

CVE-2017-20012 WEKA INTEREST Security Scanner Stresstest Scheme denial of service

A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This...

2.8CVSS5.5AI score0.0029EPSS
Exploits0References3
CVE
CVE
added 2022/03/28 8:45 p.m.50 views

CVE-2017-20012

CVE-2017-20012 affects WEKA INTEREST Security Scanner up to v1.8, specifically the Stresstest Scheme Handler. The vulnerability enables a local denial-of-service condition; the exploit has been disclosed and the affected product is no longer supported. Some sources suggest a workaround: disable t...

5.5CVSS4.3AI score0.0029EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/03/28 12:0 a.m.4 views

WEKA INTEREST Security Scanner 安全漏洞

WEKA INTEREST Security Scanner is a popular data exploration program by the University of Waikato team. A security vulnerability exists in WEKA INTEREST Security Scanner version 1.8 Stresstest Scheme Handler. No information about the vulnerability is available at this time, please check CNNVD or...

5.5CVSS5.8AI score0.0029EPSS
Exploits0References4
OSV
OSV
added 2021/07/07 8:15 a.m.4 views

CVE-2021-20777

Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

4.3CVSS5.9AI score0.00869EPSS
Exploits0References1
OSV
OSV
added 2021/06/22 2:15 a.m.5 views

CVE-2021-20733

Improper authorization in handler for custom URL scheme vulnerability in あすけんダイエット asken diet for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

6.1CVSS5.9AI score0.00821EPSS
Exploits0References2
NVD
NVD
added 2021/02/04 5:15 a.m.21 views

CVE-2021-3401

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer...

9.8CVSS0.10478EPSS
Exploits0References2
OSV
OSV
added 2021/02/04 5:15 a.m.11 views

CVE-2021-3401

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer...

9.8CVSS7.9AI score
Exploits0References2
Prion
Prion
added 2021/02/04 5:15 a.m.13 views

Code injection

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer...

7.5CVSS9.8AI score0.10478EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder