CVE-2024-13185
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage...
CVE-2024-13186
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage...
CVE-2024-13186 MinigameCenter information leakage vulnerability
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage...
CVE-2024-13186
CVE-2024-13186 concerns Vivo MinigameCenter. Reports consistently describe insufficient restrictions on loading URLs, enabling information leakage. Affected software is MinigameCenter (Vivo) with publicly cited detail that older releases are vulnerable due to URL loading controls; CNNVD narrows i...
CVE-2024-13185
CVE-2024-13185 affects the MinigameCenter module. Multiple sources confirm an information-leakage risk due to insufficient restrictions on loading URLs, potentially leading to partial disclosure of data. Affected evidence points to Vivo MinigameCenter prior to 2.3.5.0 (CNNVD/RH/CVE records), with...
CVE-2024-13173 Health information leakage vulnerability
The health module has insufficient restrictions on loading URLs, which may lead to some information leakage...
CVE-2024-13173
The CVE-2024-13173 entry describes a vulnerability in the health module where loading URLs lacks sufficient restrictions, potentially causing information leakage. Connected sources specify affected software as Vivo Health prior to version 4.1.6.33, indicating a partial information disclosure risk...
CVE-2024-44081
In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format...
CVE-2024-31393
Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS < 124...
CVE-2024-31393
This CVE (CVE-2024-31393) affects Mozilla Firefox for iOS prior to version 124. The issue stems from insufficient input validation when dragging JavaScript URLs into the address bar, which could cause the URL to load and bypass certain security protections. Affected component is the address bar h...
CVE-2023-41898
CVE-2023-41898 affects the Home Assistant Companion for Android (up to version 2023.8.2). The vulnerability is arbitrary URL loading in a WebView, enabling arbitrary JavaScript execution, limited native code execution, and credential theft. It has been patched in version 2023.9.2; all users shoul...
PT-2023-28154 · Home Assistant · Home Assistant Companion For Android
Name of the Vulnerable Software and Affected Versions: Home Assistant Companion for Android app versions 2023.8.2 and earlier Description: The Home Assistant Companion for Android app is vulnerable to arbitrary URL loading in a WebView, enabling attacks such as arbitrary JavaScript execution,...
SUSE-SU-2023:0685-1 Security update for java-1_8_0-openj9
This update for java-1_8_0-openj9 fixes the following issues: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248)...
SUSE CVE-2012-2869
Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."...
CVE-2022-25824
Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...
Code injection
PartKeepr versions up to v1.4.0 load attachments using a URL while creating a part and allow the use of the 'file://' URI scheme, allowing an authenticated user to read local files...
CVE-2021-43780
Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...
GHSA-VC9J-FHVV-8VRF Remote Code Execution in scratch-vm
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code...