
41 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2013-0548

Malware in sbrugna...

CVSS 3.5 · AI score 6.4 · EPSS 0.00154
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-58018

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 7.8 · EPSS 0.00289
Exploits: 0 · References: 9

CVE
added 2025/10/01 1:48 p.m. · 11 views

CVE-2025-41421

CVE-2025-41421 describes a privilege-escalation flaw in TeamViewer components due to improper handling of symbolic links. A local, unprivileged attacker on Windows can spoof the update file path in TeamViewer Full Client, TeamViewer Host, and, per related sources, TeamViewer Remote and Tensor, fo...

CVSS 4.7 · AI score 6.2 · EPSS 0.00019
Exploits: 0 · References: 1

Cvelist
added 2025/10/01 1:48 p.m. · 5 views

CVE-2025-41421 Privilege Escalation via Symbolic Link Spoofing in TeamViewer Client

Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update fi...

CVSS 4.7 · EPSS 0.00019
Exploits: 0 · References: 1

Vulnrichment
added 2025/10/01 1:48 p.m. · 5 views

CVE-2025-41421 Privilege Escalation via Symbolic Link Spoofing in TeamViewer Client

Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update fi...

CVSS 4.7 · AI score 6.2 · EPSS 0.00019
Exploits: 0 · References: 1

OSV
added 2025/09/16 1:15 p.m. · 3 views

CVE-2025-10290

Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press. This vulnerability affects Focus for iOS 143.0...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 2

Cvelist
added 2025/09/16 12:26 p.m. · 5 views

CVE-2025-10290 Opening links via the contextual menu in Focus for iOS would not update the toolbar UI correctly, allowing attackers to spoof websites

Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press. This vulnerability was fixed in Focus for iOS...

EPSS 0.00044
Exploits: 0 · References: 2

Positive Technologies
added 2025/09/16 12:00 a.m. · 3 views

PT-2025-37927

Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 143.0. Description: Opening links via the contextual menu for certain URL schemes would fail to load, but the toolbar would not refresh correctly. This could allow attackers to spoof websites if users were coerc...

CVSS 6.5 · AI score 6.2 · EPSS 0.00044
Exploits: 0 · References: 5

CVE
added 2025/08/19 8:52 p.m. · 20 views

CVE-2025-8364

Summary: CVE-2025-8364 affects Mozilla Firefox for Android (pre-141) due to a crafted blob: URI that can hide the page’s true origin, enabling potential spoofing. The issue is Android-only; other OSes are unaffected. Affected component is the browser’s handling of blob: URLs, with the root cause ...

CVSS 4.3 · AI score 5.8 · EPSS 0.0005
Exploits: 0 · References: 3 · Affected Software: 1

RedhatCVE
added 2025/05/22 6:15 a.m. · 3 views

CVE-2013-1299

Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message...

CVSS 5.8 · AI score 6.6 · EPSS 0.17837
Exploits: 0 · References: 1

Cvelist
added 2024/12/18 7:17 p.m. · 18 views

CVE-2024-52593 Missing validation allows spoofed "origin" links in Misskey

Misskey is an open source, federated social media platform. In affected versions missing validation in NoteCreateService.insertNote, ApPersonService.createPerson, and ApPersonService.updatePerson allows an attacker to control the target of any "origin" links such as the "view on remote instance"...

CVSS 5.1 · EPSS 0.00278
Exploits: 0 · References: 1

Positive Technologies
added 2024/10/29 12:00 a.m. · 2 views

PT-2024-16303 · Unknown · Focus For Ios

Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 132. Description: The issue allows internal links to utilize the app scheme used for deeplinking, potentially circumventing some URL safety checks. This could result in link spoofing. Recommendations: For Focus...

CVSS 9.1 · AI score 6.8 · EPSS 0.00297
Exploits: 0 · References: 4

Cvelist
added 2024/09/03 8:07 p.m. · 14 views

CVE-2024-8399

Websites could utilize JavaScript links to spoof URL addresses in the Focus navigation bar. This vulnerability affects Focus for iOS 130...

EPSS 0.00222
Exploits: 0 · References: 2

Japan Vulnerability Notes
added 2024/02/15 5:12 a.m. · 2 views

a-blog cms vulnerable to URL spoofing

Overview: a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a URL spoofing vulnerability (CWE-451). Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

CVSS 4.7 · AI score 6.6 · EPSS 0.00334
Exploits: 0 · References: 5

CNNVD
added 2024/02/15 12:00 a.m. · 4 views

a-blog cms security breach

a-blog cms is a Japanese content management system (CMS). A security vulnerability exists in a-blog cms versions Ver.3.1.0 through Ver.3.1.8, which stems from the presence of a URL spoofing vulnerability that could force a product administrator to visit an arbitrary website when clicking on a link ...

CVSS 4.7 · AI score 6.7 · EPSS 0.00334
Exploits: 0 · References: 4

CNNVD
added 2023/11/28 12:00 a.m. · 1 views

Apache Superset input validation error vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An input validation error vulnerability exists in Apache Superset versions prior to 3.0.0. The vulnerability stems from the presence of improper input validation, which can be exploited by an...

CVSS 5.4 · AI score 6.4 · EPSS 0.00099
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/24 12:00 a.m. · 3 views

PT-2023-6538 · Mozilla +9 · Firefox +11

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 117; Firefox ESR versions prior to 115.4; Thunderbird versions prior to 115.4.1. Description: The issue is related to errors in the representation of information in the user interface, allowing an attacker to conduct...

CVSS 9.8 · AI score 6.7 · EPSS 0.93301
Exploits: 17 · References: 642

Mozilla
added 2023/08/29 12:00 a.m. · 111 views

Security Vulnerabilities fixed in Firefox 117 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been create...

CVSS 8.6 · AI score 8.7 · EPSS 0.00289
Exploits: 0 · References: 15 · Affected Software: 1

OSV
added 2023/08/15 6:15 p.m. · 1 views

DEBIAN-CVE-2023-4363

Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 · AI score 4.9 · EPSS 0.00265
Exploits: 0 · References: 1

Positive Technologies
added 2023/07/06 12:00 a.m. · 3 views

PT-2023-25578 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions 2.6.0 through 3.5.8; Mastodon versions 4.0.0 through 4.0.4; Mastodon versions 4.1.0 through 4.1.2. Description: Mastodon is a free, open-source social network server based on ActivityPub. An attacker can craft a verified profil...

CVSS 5.4 · AI score 6.4 · EPSS 0.01557
Exploits: 0 · References: 11