58 matches found

NVD
added 2025/01/08 9:15 a.m., 4 views

CVE-2024-13185

The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage...

CVSS 7.5, EPSS 0.00341
Exploits: 0, References: 1

NVD
added 2025/01/08 9:15 a.m., 5 views

CVE-2024-13186

The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage...

CVSS 7.5, EPSS 0.00341
Exploits: 0, References: 1

Cvelist
added 2025/01/08 8:28 a.m., 13 views

CVE-2024-13186 MinigameCenter information leakage vulnerability

The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage...

CVSS 6.3, EPSS 0.00341
Exploits: 0, References: 1

CVE
added 2025/01/08 8:28 a.m., 39 views

CVE-2024-13186

CVE-2024-13186 concerns Vivo MinigameCenter. Reports consistently describe insufficient restrictions on loading URLs, enabling information leakage. Affected software is MinigameCenter (Vivo) with publicly cited detail that older releases are vulnerable due to URL loading controls; CNNVD narrows i...

CVSS 7.5, AI score 6.3, EPSS 0.00341
Exploits: 0, References: 1

CVE
added 2025/01/08 8:8 a.m., 38 views

CVE-2024-13185

CVE-2024-13185 affects the MinigameCenter module. Multiple sources confirm an information-leakage risk due to insufficient restrictions on loading URLs, potentially leading to partial disclosure of data. Affected evidence points to Vivo MinigameCenter prior to 2.3.5.0 (CNNVD/RH/CVE records), with...

CVSS 7.5, AI score 6.3, EPSS 0.00341
Exploits: 0, References: 1

Vulnrichment
added 2025/01/08 7:44 a.m., 2 views

CVE-2024-13173 Health information leakage vulnerability

The health module has insufficient restrictions on loading URLs, which may lead to some information leakage...

CVSS 6.3, AI score 6.6, EPSS 0.00341
Exploits: 0, References: 1

CVE
added 2025/01/08 7:44 a.m., 39 views

CVE-2024-13173

The CVE-2024-13173 entry describes a vulnerability in the health module where loading URLs lacks sufficient restrictions, potentially causing information leakage. Connected sources specify affected software as Vivo Health prior to version 4.1.6.33, indicating a partial information disclosure risk...

CVSS 7.5, AI score 6.3, EPSS 0.00341
Exploits: 0, References: 1

Cvelist
added 2024/10/29 12:0 a.m., 13 views

CVE-2024-44081

In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format...

EPSS 0.00728
Exploits: 0, References: 2

Vulnrichment
added 2024/04/03 3:19 p.m., 14 views

CVE-2024-31393

Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS < 124...

AI score 6.3, EPSS 0.00329
Exploits: 0, References: 2

CVE
added 2024/04/03 3:19 p.m., 89 views

CVE-2024-31393

This CVE (CVE-2024-31393) affects Mozilla Firefox for iOS prior to version 124. The issue stems from insufficient input validation when dragging Javascript URLs into the address bar, which could cause the URL to load and bypass certain security protections. Affected component is the address bar h...

CVSS 4.3, AI score 6.2, EPSS 0.00329
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2024/04/03 3:19 p.m., 13 views

CVE-2024-31393

Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS < 124...

CVSS 4.3, AI score 4.1, EPSS 0.00329
Exploits: 0

CVE
added 2023/10/19 10:8 p.m., 85 views

CVE-2023-41898

CVE-2023-41898 affects the Home Assistant Companion for Android (up to version 2023.8.2). The vulnerability is arbitrary URL loading in a WebView, enabling arbitrary JavaScript execution, limited native code execution, and credential theft. It has been patched in version 2023.9.2; all users shoul...

CVSS 8.6, AI score 8, EPSS 0.00164
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2023/10/19 12:0 a.m., 9 views

PT-2023-28154 · Home Assistant · Home Assistant Companion For Android

Name of the Vulnerable Software and Affected Versions: Home Assistant Companion for Android app versions 2023.8.2 and earlier
Description: The Home Assistant Companion for Android app is vulnerable to arbitrary URL loading in a WebView, enabling attacks such as arbitrary JavaScript execution,...

CVSS 8.6, AI score 7.4, EPSS 0.00164
Exploits: 0, References: 6

OSV
added 2023/03/09 12:45 p.m., 10 views

SUSE-SU-2023:0685-1 Security update for java-1_8_0-openj9

This update for java-1_8_0-openj9 fixes the following issues:
- CVE-2023-21830: Fixed improper restrictions in CORBA deserialization bsc1207249.
- CVE-2023-21843: Fixed soundbank URL remote loading bsc1207248...

CVSS 5.3, AI score 5.2, EPSS 0.01357
Exploits: 0, References: 5

SUSE CVE
added 2023/02/15 5:46 a.m., 5 views

SUSE CVE-2012-2869

Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."...

CVSS 7.5, AI score 9.7, EPSS 0.01911
Exploits: 0, References: 4

OSV
added 2022/03/10 5:47 p.m., 4 views

CVE-2022-25824

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

CVSS 3.3, AI score 5.9, EPSS 0.00225
Exploits: 0, References: 1

Prion
added 2022/01/10 2:12 p.m., 14 views

Code injection

PartKeepr versions up to v1.4.0 load attachments using a URL while creating a part and allow the use of the 'file://' URI scheme, allowing an authenticated user to read local files...

CVSS 4, AI score 6.2, EPSS 0.01017
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2021/11/24 4:15 p.m., 50 views

CVE-2021-43780

Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...

CVSS 8.8, EPSS 0.01005
Exploits: 0, References: 2

OSV
added 2021/11/24 4:15 p.m., 14 views

CVE-2021-43780

Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...

CVSS 8.8, AI score 7.1
Exploits: 0, References: 2

OSV
added 2020/07/27 7:55 p.m., 28 views

GHSA-VC9J-FHVV-8VRF Remote Code Execution in scratch-vm

MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code...

CVSS 9.8, AI score 9.8, EPSS 0.0283
Exploits: 0, References: 5