CVE-2025-27900

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...

CVE-2025-2697

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to...

CVE-2025-2697 IBM Cognos Command Center HTTP Open Redirect

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to...

Linux Distros Unpatched Vulnerability : CVE-2025-5020

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP...

Astra Linux - уязвимость в firefox, thunderbird

Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS 136...

CVE-2025-27426

Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136...

CVE-2025-27426

Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS 136...

CVE-2024-8399

Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS 130...

+Message App improper handling of Unicode control characters

Overview +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links CWE-451. Akaki Tsunoda reported this vulnerability to IPA. JPCERT/CC...

CVE-2018-1736

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a...

CVE-2016-6908

Characters from languages are such as Arabic, Hebrew are displayed from RTL Right To Left order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with first strong character such as an IP...

Gratipay: prevent %2f spoofed URLs in profile statement

https://gratipay.com%[email protected] on clicking on this url this link will take to the google.com or any other malicious url. On seeing it will look like the link will take to the gratipay but onclicking the url it will redirect to the malicious site.Attacker with the help social engg. techniques...

Microsoft Internet Explorer contains URL decoding cross-domain vulnerability

Overview A URL decoding vulnerability in Microsoft Internet Explorer may allow remote attackers to bypass zone security restrictions and execute arbitrary code on affected systems. Description IE uses a cross-domain security model to maintain separation between browser frames from different...

OUTLOOK 2003: OuchLook

Sunday, May 09, 2004 Outlook 2003 the premier mail client from the company called 'Microsoft' certainly appears to have a lot of security features built into it. Curosry examination shows excellent thought into 'spam' containment, 'security' consideration and many other little 'things'. However...

lynx-2.8.x.txt

// This message hasn't been sent to lynx-dev list, as it requires // subscription for sending bugreports. Sorry for that. Since 2.7 releases ?, lynx has mechanisms to avoid spoofed 'special URLs'. It's designed to protect lusers from malicious, internal pseudo-protocols like LYNXDIRED://,...