13 matches found
CVE-2025-11571
Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...
CVE-2025-11571
CVE-2025-11571 relates to command execution via vulnerable endpoints in Simplicity Installer. The description indicates that the endpoints accept user-controlled input through a URL in JSON format, allowing execution of commands that can open executables, but the commands cannot pass parameters. Attack requires t...
EUVD-2019-19932
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causin...
PT-2026-26983
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causin...
CVE-2025-60313
Sourcecodester Link Status Checker 1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Enter URLs to check" input field. This allows a remote attacker to execute arbitrary code...
CVE-2023-21481
Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information...
SAMSUNG Account security vulnerability
SAMSUNG Account is an account management software from Samsung South Korea. A security vulnerability exists in SAMSUNG Account versions prior to 14.1.0.0 that stems from improper URL input validation, which could allow a remote attacker to obtain sensitive information...
Mitel MiCollab security vulnerability
Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab version 9.8 SP1 FP2 (9.8.1.201) and prior versions, which stems from insufficient encoding of...
The vulnerability of the Google Chrome web app installer allows a hacker to manipulate the URL input by using a specially created HTML page.
The vulnerability of the Google Chrome WebApp installer is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to manipulate the URL input using a specially created HTML page...
WordPress Plugin RSVPMaker code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
php: Information disclosure in function get_headers
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with a user-supplied URL, if the URL contains a zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...
CVE-2020-17384
Cellopoint CelloOS v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary commands to manipulate the system...
DEBIAN-CVE-2005-4305
Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page...