Total
429 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-56800 | 1 Reolink | 1 Reolink | 2025-11-17 | N/A | 5.1 MEDIUM |
| Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable JavaScript property(a.settingsManager.lockScreenPassword), an attacker can patch the return value to bypass authentication. NOTE: this is disputed by the Supplier because the lock-screen bypass would only occur if the local user modified his own instance of the application. | |||||
| CVE-2025-13015 | 1 Mozilla | 1 Firefox | 2025-11-17 | N/A | 3.4 LOW |
| Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30. | |||||
| CVE-2025-11209 | 1 Google | 2 Android, Chrome | 2025-11-13 | N/A | 8.2 HIGH |
| Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-12430 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-13 | N/A | 7.5 HIGH |
| Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-58595 | 2025-11-13 | N/A | 9.1 CRITICAL | ||
| Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing.This issue affects All In One Login: from n/a through <= 2.0.8. | |||||
| CVE-2025-27916 | 1 Anydesk | 1 Anydesk | 2025-11-10 | N/A | 7.5 HIGH |
| An issue was discovered in AnyDesk through 9.0.4. When the connection between two clients is established via an IP address, it is possible to manipulate the data and spoof the AnyDesk ID. | |||||
| CVE-2024-54085 | 2 Ami, Netapp | 19 Megarac Sp-x, H300s, H300s Firmware and 16 more | 2025-11-05 | N/A | 9.8 CRITICAL |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||||
| CVE-2025-43503 | 1 Apple | 5 Ipados, Iphone Os, Safari and 2 more | 2025-11-05 | N/A | 4.3 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Visiting a malicious website may lead to user interface spoofing. | |||||
| CVE-2025-43493 | 1 Apple | 4 Ipados, Iphone Os, Safari and 1 more | 2025-11-05 | N/A | 4.3 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2025-59501 | 1 Microsoft | 3 Configuration Manager 2403, Configuration Manager 2409, Configuration Manager 2503 | 2025-11-05 | N/A | 4.8 MEDIUM |
| Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network. | |||||
| CVE-2024-34397 | 4 Debian, Fedoraproject, Gnome and 1 more | 4 Debian Linux, Fedora, Glib and 1 more | 2025-11-04 | N/A | 5.2 MEDIUM |
| An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. | |||||
| CVE-2023-42889 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to bypass certain Privacy preferences. | |||||
| CVE-2023-41069 | 1 Apple | 2 Ipados, Iphone Os | 2025-11-04 | N/A | 5.5 MEDIUM |
| This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID. | |||||
| CVE-2021-27862 | 2 Ieee, Ietf | 2 Ieee 802.2, P802.1q | 2025-11-04 | N/A | 4.7 MEDIUM |
| Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers). | |||||
| CVE-2021-27861 | 2 Ieee, Ietf | 2 Ieee 802.2, P802.1q | 2025-11-04 | N/A | 4.7 MEDIUM |
| Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers) | |||||
| CVE-2021-27854 | 2 Ieee, Ietf | 2 Ieee 802.2, P802.1q | 2025-11-04 | N/A | 4.7 MEDIUM |
| Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse. | |||||
| CVE-2021-27853 | 3 Cisco, Ieee, Ietf | 308 Catalyst 3650-12x48fd-e, Catalyst 3650-12x48fd-l, Catalyst 3650-12x48fd-s and 305 more | 2025-11-04 | N/A | 4.7 MEDIUM |
| Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. | |||||
| CVE-2023-51327 | 1 Phpjabbers | 1 Cleaning Business Software | 2025-11-04 | N/A | 6.5 MEDIUM |
| A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | |||||
| CVE-2023-51326 | 1 Phpjabbers | 1 Cleaning Business Software | 2025-11-04 | N/A | 6.5 MEDIUM |
| A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | |||||
| CVE-2023-51323 | 1 Phpjabbers | 1 Shared Asset Booking System | 2025-11-04 | N/A | 6.5 MEDIUM |
| A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | |||||