Weaknesses of type CWE-939
24 resultsCVE-2020-11000MEDIUMImproper URL validation in GreenBrowserEPSS 1.2%CVE-2021-31384HIGHJunos OS: SRX Series: Under a specific device configuration an attacker can access the devices J-Web management services from any interface, regardless of security settings protecting the serviceEPSS 1.1%CVE-2022-20736MEDIUMCisco AppDynamics Controller Authorization Bypass VulnerabilityEPSS 1.0%CVE-2023-43582MEDIUMImproper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.EPSS 0.7%CVE-2026-26123MEDIUMMicrosoft Authenticator Information Disclosure VulnerabilityEPSS 0.6%CVE-2024-33606HIGHMicroDicom DICOM Viewer Improper Authorization in Handler for Custom URL SchemeEPSS 0.5%CVE-2026-35394HIGHMobile Next has Arbitrary Android Intent Execution via mobile_open_urlEPSS 0.4%CVE-2024-41918LOW'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorizaEPSS 0.3%CVE-2024-35298MEDIUMImproper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lEPSS 0.3%CVE-2026-6445HIGHA flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticatedEPSS 0.3%CVE-2024-45203MEDIUMImproper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS verEPSS 0.3%CVE-2025-41408MEDIUMImproper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remoteEPSS 0.3%CVE-2026-33335MEDIUMVikunja Desktop allows arbitrary local application invocation via unvalidated shell.openExternalEPSS 0.2%CVE-2026-1046HIGHArbitrary application execution via unvalidated server-controlled URLs in Help menuEPSS 0.2%CVE-2026-53407HIGHImproper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may alloEPSS 0.2%CVE-2026-53408HIGHImproper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may alloEPSS 0.2%CVE-2025-5020MEDIUMLinks using non-HTTP schemes opened from other apps such as Safari could have allowed spoofing of website addressesEPSS 0.2%CVE-2024-54014LOWImproper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.EPSS 0.2%CVE-2026-3471MEDIUMOpening a window with {{javascript:alert()}} as URL causes crash in the Mattermost Desktop AppEPSS 0.2%CVE-2024-54125LOWImproper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker tEPSS 0.2%