Lucene search

5 matches found

Cvelist
added 2026/03/24 3:7 p.m., 18 views

CVE-2026-33335 Vikunja Desktop allows arbitrary local application invocation via unvalidated shell.openExternal

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...

CVSS 6.4, EPSS 0.00248
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-18073

Malicious code in bioql PyPI...

CVSS 8.2, AI score 7.9, EPSS 0.00551
Exploits: 0, References: 7
Tenable Nessus
added 2025/06/15 12:0 a.m., 3 views

GLSA-202506-13 : Konsole: Code execution

The remote host is affected by the vulnerability described in GLSA-202506-13 (Konsole: Code execution). Konsole supports loading URLs from the scheme handlers such as telnet://URL. This can be executed regardless of whether the telnet binary is available. It would fall back to bash in that case and...

CVSS 8.2, AI score 7.9, EPSS 0.00551
Exploits: 0, References: 3
OSV
added 2025/06/11 1:15 a.m., 4 views

CVE-2025-49091

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...

AI score 8.5
Exploits: 0, References: 7
Vulnrichment
added 2025/06/11 12:0 a.m., 4 views

CVE-2025-49091

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...

CVSS 8.2, AI score 8.5, EPSS 0.00551
Exploits: 0, References: 6