Lucene search
K

2720 matches found

Github Security Blog
Github Security Blog
added 2026/06/15 7:28 p.m.12 views

PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes

!NOTE The library does not directly return non-HTTPS URI contents to the attacker; the chained "plant a JWKS to forge tokens" scenario described in the original report requires additional application-layer flaws attacker write access to a filesystem path, untrusted jku derivation that this fix do...

8.8CVSS5.6AI score0.02214EPSS
Exploits1References4Affected Software1
Hacker One
Hacker One
added 2026/06/15 11:37 a.m.123 views

curl: Secure cookies leaked to HTTP origins through HTTPS forwarding proxy

Summary: When curl accesses an http:// origin through an HTTPS forwarding proxy, it sends Secure cookies in the request. The cookies travel in cleartext between the proxy and the origin server, visible to the proxy operator and anyone on that network path. curl also reports CURLINFOSCHEME as...

5.5AI score
Exploits0
Veracode
Veracode
added 2026/06/15 11:24 a.m.10 views

Cross-site Scripting

Nuxt is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient validation of URL schemes in the component, where attacker-controlled values supplied to the to or href props can contain javascript: or vbscript: URLs that are rendered directly into the underlying element,...

5.4CVSS5.6AI score0.00198EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/15 12:31 a.m.14 views

EUVD-2026-36668

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References7
NVD
NVD
added 2026/06/14 11:16 p.m.12 views

CVE-2026-12190

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS0.00105EPSS
Exploits0References5
NVD
NVD
added 2026/06/14 11:16 p.m.10 views

CVE-2026-12189

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS0.00105EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/14 10:45 p.m.10 views

CVE-2026-12190 Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS5.3AI score0.00105EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/14 10:45 p.m.34 views

CVE-2026-12190 Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS0.00105EPSS
Exploits0References5
CVE
CVE
added 2026/06/14 10:45 p.m.27 views

CVE-2026-12190

The CVE-2026-12190 entry concerns Genspark AI Workspace App version 2.8.4 on Android, affecting the ai.mainfunc.genspark component. The issue is described as improper authorization in the handler for a custom URL scheme, with exploitation limited to a local environment. The provided documents do ...

5.3CVSS5.5AI score0.00105EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/14 10:30 p.m.29 views

CVE-2026-12189 Moovit Bus & Public Transit App com.tranzmate improper authorization in handler for custom url scheme

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS0.00105EPSS
Exploits0References6
CVE
CVE
added 2026/06/14 10:30 p.m.24 views

CVE-2026-12189

The CVE-2026-12189 entry concerns Moovit Bus & Public Transit App 1.18 on Android, affecting the com.tranzmate component. The flaw is described as improper authorization in the handler for a custom URL scheme, enabling a local attacker to manipulate the app. Exploitability is local with low attac...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/14 10:30 p.m.12 views

CVE-2026-12189 Moovit Bus & Public Transit App com.tranzmate improper authorization in handler for custom url scheme

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS5.3AI score0.00105EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.16 views

PT-2026-49146

Name of the Vulnerable Software and Affected Versions Moovit Bus & Public Transit App version 1.18 Description A flaw in the com.tranzmate component of the Android application allows for improper authorization within the handler for custom URL schemes. This issue requires local execution to...

5.3CVSS5.8AI score0.00105EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.17 views

PT-2026-49147

Name of the Vulnerable Software and Affected Versions Genspark AI Workspace App version 2.8.4 Description An issue exists in the ai.mainfunc.genspark component of the Android application. Improper authorization occurs within the handler for custom URL schemes, which can be exploited by an attacke...

5.3CVSS5.6AI score0.00105EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/12 10:9 p.m.7 views

Cross-site Scripting (XSS)

Overview sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Cross-site Scripting XSS incomplete validation of URI schemes in attributes su...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 10:9 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS incomplete validation of URI schemes in attributes such as action, formaction, data, poster, and background. An attacker can execute arbitrary scripts in the context of the user’s browser by injecting a crafted...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 8:43 p.m.12 views

CVE-2026-45011 Apostrophe has stored XSS via javascript: URL in Image Widget Link

ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to...

7.3CVSS5.2AI score0.00211EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 7:16 p.m.15 views

CVE-2026-53408

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

8.1CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 7:16 p.m.21 views

CVE-2026-53407

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

9.8CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 5:57 p.m.39 views

CVE-2026-53408

The CVE-2026-53408 vulnerability affects Zoom Workplace: Android before 7.0.4 and iOS before 7.0.3. It is due to Improper Authorization in the Handler for a Custom URL Scheme, enabling an unauthenticated privilege escalation via network access. The CVSSv3.1 base score is 8.1 (High) with Network a...

8.1CVSS5.3AI score0.00211EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder