3 matches found
CVE-2025-3839 Epiphany: insecure external protocol invocation in epiphany
A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this...
GHSA-27GC-WJ6X-9W55 Keycloak error_description injection on error pages that can trigger phishing attacks
Keycloak’s account console accepts arbitrary text in the error_description query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading messages, e.g., fake support phone numbers or...
GNOME Epiphany security vulnerability
GNOME Epiphany is a simple, clean, and aesthetically pleasing web browser from the open-source GNOME project. A security vulnerability exists in GNOME Epiphany, which stems from a design flaw that could lead to code execution on client devices through trusted UI behavior...