Lucene search
+L

8 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/23 7:26 p.m.4 views

CVE-2026-54326

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass th...

2.5CVSS5.8AI score0.00132EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/25 2:0 p.m.8 views

EEF-CVE-2026-47067 Atom table exhaustion via unrecognized URL schemes in hackney

Summary Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackney\url.erl converts every unrecognized URL scheme to a permanent BEAM atom via binary\to\atom/2. BEAM atoms are never garbage-collected and the atom table...

8.7CVSS6.1AI score0.00703EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/21 7:28 p.m.14 views

Crawlee for Python: SSRF via sitemap-derived URLs

Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/utils/sitemap.py, src/crawlee/utils/robots.py, src/crawlee/requestloaders/sitemaprequestloader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points to an...

2.3CVSS6.4AI score0.00286EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-42590

Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/ utils/sitemap.py, src/crawlee/ utils/robots.py, src/crawlee/request loaders/ sitemap request loader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points...

2.3CVSS6.4AI score
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/13 8:28 a.m.11 views

CVE-2026-6253

curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. whil...

5.9CVSS5.8AI score0.00639EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/17 9:0 p.m.7 views

Cross-site Scripting (XSS)

Overview i18nextify is an enables localization of any page with zero effort Affected versions of this package are vulnerable to Cross-site Scripting XSS via replaceInside, used by the translateProps function in src/localize.js when untrusted translation values containing dangerous URL schemes suc...

4.7CVSS5.6AI score0.00144EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/16 12:26 p.m.4 views

CVE-2025-10290 Opening links via the contextual menu in Focus for iOS would not update the toolbar UI correctly, allowing attackers to spoof websites

Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press. This vulnerability was fixed in Focus for iOS...

5.8AI score0.00236EPSS
Exploits0References2
OSV
OSV
added 2021/12/16 9:18 a.m.7 views

USN-5195-1 mumble vulnerability

It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public server list, a remote attacker could possibly execute arbitrary code...

8.8CVSS7.5AI score0.03203EPSS
Exploits0References2
Rows per page
Query Builder