Lucene search
K

1360 matches found

CVE
CVE
added 6 days ago22 views

CVE-2026-13356

The CVE-2026-13356 issue affects Firefox for iOS and centers on a malicious webpage that interrupts a pending navigation by enqueuing a synchronous JavaScript dialog. This side effect causes the browser UI to display the destination origin in the address bar while attacker-controlled content cont...

6.3CVSS6AI score0.00132EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-13356 Interrupted navigation could allow address bar origin spoofing in Firefox for iOS

A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3...

0.00132EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40810

Incorrect security UI in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00179EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:16 p.m.2 views

DEBIAN-CVE-2026-13842

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:14 a.m.11 views

CVE-2026-12348

Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing...

7.4CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 7:54 p.m.21 views

CVE-2026-12348

CVE-2026-12348 concerns Arc Search for Android. The entry describes an address bar spoofing flaw caused by a window.open race condition, enabling a remote attacker to render attacker-controlled content while displaying a trusted domain in the address bar (phishing risk). The CVSSv3.1 vector is pr...

7.4CVSS5.3AI score0.00283EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49836

Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing...

7.4CVSS5.4AI score0.00283EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in WebKit2GTK

There was an issue with URL handling that caused spoofing. This issue has been addressed through improved input validation. This issue is fixed in iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, and Safari 16.2. Visiting a malicious website may result in address bar spoofing...

4.3CVSS6.4AI score0.00965EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in WebKit2GTK

There was an issue with URL handling that caused spoofing. This issue has been addressed through improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may result in address bar spoofing...

4.3CVSS6.4AI score0.00578EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Firefox

The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox 115...

6.5CVSS6.9AI score0.00515EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in WebKit2GTK

A inconsistent user interface issue has been resolved through improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, and macOS Sonoma 14.1. Visiting a malicious website may result in address bar spoofing...

7.5CVSS6.7AI score0.0086EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.15 views

CVE-2026-44659

Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...

4.7CVSS5.8AI score0.00164EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 6:16 p.m.15 views

CVE-2026-44659

Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...

4.7CVSS0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 5:1 p.m.41 views

CVE-2026-44659 Zen Browser Mac - Address Bar Spoofing via Long Subdomain

Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...

4.7CVSS0.00164EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 5:1 p.m.11 views

CVE-2026-44659 Zen Browser Mac - Address Bar Spoofing via Long Subdomain

Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...

4.7CVSS5.8AI score0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 9:21 p.m.23 views

CVE-2026-5906

Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

0.00161EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/08 9:21 p.m.4 views

CVE-2026-5906

Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

5.9AI score0.00161EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.5 views

CVE-2026-2378

ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...

7.4CVSS5.8AI score0.00173EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 9:16 p.m.7 views

CVE-2026-2378

ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...

5.8AI score0.00173EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/20 9:16 p.m.25 views

CVE-2026-2378 Address bar spoofing risk in ArcSearch on Android

ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...

7.4CVSS0.00173EPSS
Exploits0References1
Rows per page
Query Builder