Total
147 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20530 | 1 Google | 1 Android | 2025-04-18 | 5.3 Medium |
| In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645 | ||||
| CVE-2021-27414 | 1 Hitachienergy | 1 Ellipse Enterprise Asset Management | 2025-04-16 | 5.5 Medium |
| An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. | ||||
| CVE-2022-26383 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-16 | 4.3 Medium |
| When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. | ||||
| CVE-2022-22762 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-16 | 4.3 Medium |
| Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. | ||||
| CVE-2022-34479 | 3 Linux, Mozilla, Redhat | 7 Linux Kernel, Firefox, Firefox Esr and 4 more | 2025-04-15 | 6.5 Medium |
| A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | ||||
| CVE-2022-45404 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-04-15 | 6.5 Medium |
| Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | ||||
| CVE-2022-2800 | 1 Gym Management System Project | 1 Gym Management System | 2025-04-15 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality. The manipulation leads to clickjacking. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206246 is the identifier assigned to this vulnerability. | ||||
| CVE-2014-7899 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. | ||||
| CVE-2007-6591 | 1 Kde | 1 Konqueror | 2025-04-09 | N/A |
| KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. | ||||
| CVE-2025-0451 | 1 Google | 1 Chrome | 2025-04-08 | 6.3 Medium |
| Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
| CVE-2024-11701 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-05 | 4.3 Medium |
| The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133. | ||||
| CVE-2025-30467 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-04-04 | 4.3 Medium |
| The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing. | ||||
| CVE-2025-0244 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.3 Medium |
| When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134. | ||||
| CVE-2025-0246 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-03 | 6.5 Medium |
| When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134. | ||||
| CVE-2024-11695 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-04-03 | 5.4 Medium |
| A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | ||||
| CVE-2024-11692 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-04-03 | 4.3 Medium |
| An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | ||||
| CVE-2025-26696 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 7 High |
| Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. | ||||
| CVE-2025-1940 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.1 High |
| A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 136. | ||||
| CVE-2025-1922 | 1 Google | 2 Android, Chrome | 2025-04-01 | 4.3 Medium |
| Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-4768 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Thunderbird and 5 more | 2025-04-01 | 6.1 Medium |
| A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | ||||