Total
136 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9163 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 3.5 Low |
| A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs. | ||||
| CVE-2025-8583 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-08 | 4.3 Medium |
| Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-43228 | 1 Apple | 4 Ios, Ipados, Iphone Os and 1 more | 2025-08-04 | 4.3 Medium |
| The issue was addressed with improved UI. This issue is fixed in iOS 18.6 and iPadOS 18.6, Safari 18. 6. Visiting a malicious website may lead to address bar spoofing. | ||||
| CVE-2025-43712 | 1 Jhipster | 1 Generator-jhipster | 2025-08-04 | 2.9 Low |
| JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLE_USER. By manipulating the authorities parameter and changing its value to ROLE_ADMIN, the privilege is successfully escalated to an Admin level. This allowed the access to all admin-related functionalities in the application. NOTE: this is disputed by the Supplier because there is no privilege escalation in the context of the JHipster backend (the report only demonstrates that, after using JHipster to generate an application, one can make a non-functional admin screen visible in the front end of that application). | ||||
| CVE-2024-38112 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-30 | 7.5 High |
| Windows MSHTML Platform Spoofing Vulnerability | ||||
| CVE-2024-43461 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-30 | 8.8 High |
| Windows MSHTML Platform Spoofing Vulnerability | ||||
| CVE-2025-8043 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-07-28 | 9.8 Critical |
| Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141. | ||||
| CVE-2025-7021 | 1 Openai | 1 Operator | 2025-07-24 | 6.5 Medium |
| Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications, tricking the user into interacting with the malicious site. | ||||
| CVE-2025-47963 | 1 Microsoft | 1 Edge Chromium | 2025-07-17 | 6.3 Medium |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-47964 | 1 Microsoft | 2 Edge, Edge Chromium | 2025-07-17 | 5.4 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-38082 | 1 Microsoft | 1 Edge | 2025-07-16 | 4.7 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-38093 | 1 Microsoft | 1 Edge | 2025-07-16 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2025-29825 | 1 Microsoft | 1 Edge Chromium | 2025-07-15 | 6.5 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2024-38197 | 1 Microsoft | 1 Teams | 2025-07-10 | 6.5 Medium |
| Microsoft Teams for iOS Spoofing Vulnerability | ||||
| CVE-2025-29796 | 1 Microsoft | 1 Edge | 2025-07-09 | 4.7 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2024-49040 | 1 Microsoft | 1 Exchange Server | 2025-07-08 | 7.5 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2025-5986 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2025-07-02 | 6.5 Medium |
| A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.11.1 and Thunderbird < 139.0.2. | ||||
| CVE-2024-39730 | 1 Ibm | 2 Datacap, Datacap Navigator | 2025-07-01 | 5.4 Medium |
| IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | ||||
| CVE-2024-0805 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | 4.3 Medium |
| Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) | ||||
| CVE-2024-0750 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-06-20 | 8.8 High |
| A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||