Lucene search
K

2717 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 5:57 p.m.9 views

CVE-2026-53408

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

8.1CVSS5.3AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 5:57 p.m.26 views

CVE-2026-53408

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

8.1CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 5:57 p.m.39 views

CVE-2026-53408

The CVE-2026-53408 vulnerability affects Zoom Workplace: Android before 7.0.4 and iOS before 7.0.3. It is due to Improper Authorization in the Handler for a Custom URL Scheme, enabling an unauthenticated privilege escalation via network access. The CVSSv3.1 base score is 8.1 (High) with Network a...

8.1CVSS5.3AI score0.00211EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/06/12 5:56 p.m.11 views

CVE-2026-53407

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

8.1CVSS5.3AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 5:56 p.m.12 views

EUVD-2026-36522

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

8.1CVSS5.3AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 5:56 p.m.29 views

CVE-2026-53407

CVE-2026-53407 relates to Zoom Workplace on Android and iOS, where the handler for custom URL schemes suffers improper authorization. The issue could allow an unauthenticated user to escalate privileges via network access. Affected products/versions: Zoom Workplace for Android before 7.0.4 and Zo...

9.8CVSS5.3AI score0.00231EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/12 5:56 p.m.32 views

CVE-2026-53407

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

8.1CVSS0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 5:16 p.m.26 views

CVE-2026-7387

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the schemeadmin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...

8.8CVSS0.00298EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 3:54 p.m.31 views

CVE-2026-7387 Mattermost group syncable endpoints allow privilege escalation via scheme_admin

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the schemeadmin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...

8.8CVSS0.00298EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 3:54 p.m.10 views

CVE-2026-7387 Mattermost group syncable endpoints allow privilege escalation via scheme_admin

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the schemeadmin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...

8.8CVSS5.3AI score0.00298EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 3:16 p.m.13 views

CVE-2026-53722

Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. When an application binds attacker-controlled input a...

5.4CVSS0.00198EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 2:16 p.m.12 views

CVE-2026-12065

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

1.8CVSS0.00106EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/12 1:44 p.m.8 views

CVE-2026-53722 Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL

Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. When an application binds attacker-controlled input a...

5.1CVSS4.8AI score0.00198EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 1:44 p.m.29 views

CVE-2026-53722

CVE-2026-53722 affects Nuxt.js prior to versions 3.21.7 and 4.4.7, where did not validate URL schemes bound to its to or href before rendering. Attacker-controlled input (query parameters, CMS fields, or user URLs) can be reflected into the href attribute, enabling reflected DOM-based XSS via ja...

5.4CVSS4.8AI score0.00198EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 12:30 p.m.7 views

CVE-2026-12065 Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

1.8CVSS3.5AI score0.00106EPSS
Exploits0References6
CVE
CVE
added 2026/06/12 12:30 p.m.19 views

CVE-2026-12065

Groww Android app (Groww Stock, Mutual Fund, Gold App) up to 20260805 is affected due to improper authorization in the WebView URL Handler for a custom URL scheme. The issue is located in an unknown part of the WebView URL handling logic and can be triggered on a physical device. Exploitation sta...

1.8CVSS3.8AI score0.00106EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/12 12:30 p.m.26 views

CVE-2026-12065 Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

1.8CVSS0.00106EPSS
Exploits0References6
OSV
OSV
added 2026/06/11 1:27 p.m.9 views

GHSA-X426-X7CC-3FPC @hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects

Impact Wreck strips credential headers Authorization, Cookie, Proxy-Authorization before following a cross-origin redirect, but the origin check compares hostnames only and ignores scheme and port. As a result, credentials are forwarded intact across same-host port changes and HTTPS-to-HTTP...

6.5CVSS5.5AI score0.0001EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/11 1:27 p.m.11 views

@hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects

Impact Wreck strips credential headers Authorization, Cookie, Proxy-Authorization before following a cross-origin redirect, but the origin check compares hostnames only and ignores scheme and port. As a result, credentials are forwarded intact across same-host port changes and HTTPS-to-HTTP...

5.5AI score0.0001EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/10 2:16 a.m.15 views

CVE-2026-45542

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 SRP6a session-setup path of the protocomm component. The first-phase handler handlesessioncommand0 in...

7.1CVSS0.00325EPSS
Exploits0References7
Rows per page
Query Builder