Lucene search
K

6 matches found

OSV
OSV
added 2026/05/05 7:52 p.m.3 views

CVE-2026-40280 Gotenberg SSRF via case-insensitive URL scheme bypass in webhook and downloadFrom deny-lists

Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression ^https?:// to match URL schemes. Because Go's net/url.Parse normalizes...

7.8CVSS5.9AI score0.00463EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/16 7:58 a.m.6 views

Photon vulnerable to URL whitelist bypass

Overview Photon provided by Newphoria Corporation Inc. is an application for Android built using "applican". Photon contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this...

6.8CVSS6.7AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/16 7:58 a.m.4 views

Reversi vulnerable to URL whitelist bypass

Overview Reversi provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Reversi contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported...

6.8CVSS6.6AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/16 7:58 a.m.7 views

MEGAPHONE MUSIC vulnerable to URL whitelist bypass

Overview MEGAPHONE MUSIC provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". MEGAPHONE MUSIC contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprou...

6.8CVSS6.6AI score0.01503EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/16 7:58 a.m.33 views

applican vulnerable to URL whitelist bypass

Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function whitelist.xml to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the...

6.8CVSS6.5AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/11 5:16 a.m.5 views

Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass

Overview Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains an issue where an arbitrary page may be loaded if the application is launched with the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

6.8CVSS6.8AI score0.01118EPSS
Exploits0References6
Rows per page
Query Builder