Lucene search
K

331 matches found

NVD
NVD
added 2026/07/03 9:17 p.m.11 views

CVE-2026-45488

User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

5.9CVSS0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 8:35 p.m.5 views

EUVD-2026-41574

User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

5.4CVSS6AI score0.00249EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.7 views

CVE-2026-45488

User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

5.4CVSS6AI score0.00249EPSS
Exploits0References2Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.8 views

Microsoft Edge (Chromium-based) Spoofing Vulnerability

User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

5.9CVSS6AI score0.00249EPSS
Exploits0
CVE
CVE
added 2026/06/30 8:21 p.m.17 views

CVE-2026-9106

The CVE-2026-9106 issue concerns GitHub Enterprise Server where a UI misrepresentation allowed an OAuth app to gain unauthorized access to an organization’s runner management. A victim could be tricked into authorizing an app requesting the manage_runners:org scope because the scope was not shown...

5.5CVSS5.8AI score0.00176EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/30 8:21 p.m.7 views

CVE-2026-9106

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

4.8CVSS5.8AI score0.00176EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:21 p.m.36 views

CVE-2026-9106 UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

4.8CVSS0.00176EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53988

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.22 Description A UI misrepresentation issue allows an OAuth application to obtain unauthorized access to organization runner management. An attacker can exploit this by creating an OAuth application...

5.5CVSS5.8AI score0.00176EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.11 views

Siemens RUGGEDCOM RST2428P User Interface (UI) Misrepresentation of Critical Information (CVE-2025-46394)

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

3.3CVSS7.1AI score0.00158EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:27 p.m.9 views

Malicious code in nottuff25 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 238a4f56f3433bf34de372e9a26264a33e33c6bde8592ddc73594d33ab7427f0 The tarball is not a Node library. package.json declares main: sw.js with description "package" and an empty author; sw.js is a browser ServiceWorker...

6AI score
Exploits0References4
OSV
OSV
added 2026/06/16 7:27 p.m.8 views

MAL-2026-5916 Malicious code in nottuff25 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 238a4f56f3433bf34de372e9a26264a33e33c6bde8592ddc73594d33ab7427f0 The tarball is not a Node library. package.json declares main: sw.js with description "package" and an empty author; sw.js is a browser ServiceWorker...

6AI score
Exploits0References4
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-45650

User interface ui misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS0.00619EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:4 p.m.41 views

CVE-2026-45650

CVE-2026-45650 describes a UI misrepresentation vulnerability in Microsoft Bing Search that could enable an attacker to spoof information over a network. The exact root cause and affected UI components are not detailed in the provided documents. CVSSv3.1 base score is 4.3 (Medium): Network attack...

4.3CVSS5.5AI score0.00619EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.12 views

Microsoft Bing Search Spoofing Vulnerability

User interface ui misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS5.5AI score0.00619EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48013

Name of the Vulnerable Software and Affected Versions Microsoft Bing Search Android versions prior to 33.3 Description A user interface UI misrepresentation of critical information allows an unauthorized attacker to perform spoofing over a network. By using a crafted URL, an attacker can manipula...

4.3CVSS5.2AI score0.00619EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/20 3:35 p.m.14 views

User Interface (UI) Misrepresentation of Critical Information

Overview symfony/html-sanitizer is a Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to User Interface UI Misrepresentation of Critical Information via UrlSanitizer::parse in the...

7.1CVSS5.8AI score0.00069EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Shadow

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly for example, adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file...

3.3CVSS5.2AI score0.00428EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/05/17 12:0 a.m.222 views

AI Agents May Always Fall for Prompt Injections

Prompt injection is the most critical vulnerability in deployed AI agents. Despite recent progress, we show that the prevailing defense paradigm data-instruction separation both fails to detect attacks that operate through contextual manipulation and degrades contextually appropriate behavior. We...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.11 views

CVE-2026-42891

User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS5.8AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.15 views

CVE-2026-35429

User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS5.8AI score0.00497EPSS
Exploits0References1
Rows per page
Query Builder