Total
152 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6429 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2025-10-06 | 4.3 Medium |
| A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By exploiting this vulnerability, attackers can manipulate browser-displayed error messages, enabling social engineering attacks through deceptive or misleading content. | ||||
| CVE-2025-46394 | 1 Busybox | 1 Busybox | 2025-09-24 | 3.2 Low |
| In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. | ||||
| CVE-2025-8041 | 2 Google, Mozilla | 2 Android, Firefox | 2025-09-19 | 5.3 Medium |
| In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141. | ||||
| CVE-2025-29825 | 1 Microsoft | 1 Edge Chromium | 2025-09-10 | 6.5 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-21262 | 1 Microsoft | 1 Edge Chromium | 2025-09-09 | 5.4 Medium |
| User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network | ||||
| CVE-2025-21314 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-09-09 | 6.5 Medium |
| Windows SmartScreen Spoofing Vulnerability | ||||
| CVE-2025-9867 | 1 Google | 2 Android, Chrome | 2025-09-04 | 5.4 Medium |
| Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-9865 | 1 Google | 2 Android, Chrome | 2025-09-04 | 5.4 Medium |
| Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-32371 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 4.3 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4. | ||||
| CVE-2024-39730 | 1 Ibm | 2 Datacap, Datacap Navigator | 2025-08-24 | 5.4 Medium |
| IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | ||||
| CVE-2025-8364 | 2 Google, Mozilla | 2 Android, Firefox | 2025-08-21 | 4.3 Medium |
| A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 141. | ||||
| CVE-2024-55896 | 1 Ibm | 1 I | 2025-08-19 | 5.4 Medium |
| IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system. | ||||
| CVE-2024-55889 | 2 Phpmyfaq, Thorsten | 2 Phpmyfaq, Phpmyfaq | 2025-08-14 | 4.9 Medium |
| phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue. | ||||
| CVE-2024-9163 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 3.5 Low |
| A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs. | ||||
| CVE-2025-8583 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-08 | 4.3 Medium |
| Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-43712 | 1 Jhipster | 1 Generator-jhipster | 2025-08-04 | 2.9 Low |
| JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLE_USER. By manipulating the authorities parameter and changing its value to ROLE_ADMIN, the privilege is successfully escalated to an Admin level. This allowed the access to all admin-related functionalities in the application. NOTE: this is disputed by the Supplier because there is no privilege escalation in the context of the JHipster backend (the report only demonstrates that, after using JHipster to generate an application, one can make a non-functional admin screen visible in the front end of that application). | ||||
| CVE-2025-8043 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-07-28 | 9.8 Critical |
| Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141. | ||||
| CVE-2025-7021 | 1 Openai | 1 Operator | 2025-07-24 | 6.5 Medium |
| Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications, tricking the user into interacting with the malicious site. | ||||
| CVE-2025-47963 | 1 Microsoft | 1 Edge Chromium | 2025-07-17 | 6.3 Medium |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-47964 | 1 Microsoft | 2 Edge, Edge Chromium | 2025-07-17 | 5.4 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||