Total
164 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9865 | 1 Google | 2 Android, Chrome | 2025-09-04 | N/A | 5.4 MEDIUM |
| Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-32371 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | N/A | 4.3 MEDIUM |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4. | |||||
| CVE-2024-55896 | 1 Ibm | 1 I | 2025-08-19 | N/A | 5.4 MEDIUM |
| IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system. | |||||
| CVE-2025-49755 | 1 Microsoft | 1 Edge | 2025-08-15 | N/A | 4.3 MEDIUM |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2024-55889 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-08-14 | N/A | 4.9 MEDIUM |
| phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue. | |||||
| CVE-2024-9163 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 3.5 LOW |
| A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs. | |||||
| CVE-2025-8583 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-08 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-7021 | 1 Openai | 1 Operator | 2025-07-24 | N/A | 6.5 MEDIUM |
| Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications, tricking the user into interacting with the malicious site. | |||||
| CVE-2025-29796 | 1 Microsoft | 1 Edge | 2025-07-09 | N/A | 4.7 MEDIUM |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-29825 | 1 Microsoft | 1 Edge Chromium | 2025-07-08 | N/A | 6.5 MEDIUM |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2024-39730 | 1 Ibm | 2 Datacap, Datacap Navigator | 2025-07-01 | N/A | 5.4 MEDIUM |
| IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | |||||
| CVE-2024-0805 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) | |||||
| CVE-2024-0750 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-06-20 | N/A | 8.8 HIGH |
| A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | |||||
| CVE-2025-5065 | 1 Google | 1 Chrome | 2025-05-29 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-5066 | 1 Google | 1 Chrome | 2025-05-29 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-32816 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-22 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. | |||||
| CVE-2022-3313 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 6.5 MEDIUM |
| Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-38163 | 1 F-secure | 1 Safe | 2025-05-02 | N/A | 3.5 LOW |
| A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar. | |||||
| CVE-2025-0446 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | |||||
| CVE-2025-3074 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 5.4 MEDIUM |
| Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||