CVEs classified under CWE-939, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2024-33606 — CVSS 8.8 (high): An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a…
CVE-2026-6445: A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an…
CVE-2026-35394 — CVSS 8.3 (high): Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-mcp passes…
CVE-2026-53408 — CVSS 8.1 (high): Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may…
CVE-2026-53407 — CVSS 8.1 (high): Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may…
CVE-2026-33335 — CVSS 8.0 (high): Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop…
CVE-2026-1046 — CVSS 7.6 (high): Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute…
CVE-2026-3471 — CVSS 6.5 (medium): Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost…
CVE-2020-11000 — CVSS 5.7 (medium): GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL Parsing to verify that a given URL is pointing to a trust…
CVE-2026-26123 — CVSS 5.5 (medium): Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.
CVE-2025-41408 — CVSS 4.3 (medium): Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a…
CVE-2025-5020 — CVSS 4.3 (medium): Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the…
CVE-2024-45203 — CVSS 4.3 (medium): Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS…
CVE-2024-35298 — CVSS 4.3 (medium): Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to…
CVE-2024-54014 — CVSS 3.6 (low): Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS…
CVE-2024-54125 — CVSS 3.3 (low): Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker…
CVE-2025-67739 — CVSS 3.1 (low): In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure