17 matches found
CVE-2026-2919
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS...
SUSE CVE-2025-14273
Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...
Mattermost Server 10.11.x < 10.11.8 / 10.12.x < 10.12.4 / 11.0.x <= 11.0.6 / 11.1.x <= 11.1.1 Improper Authentication (MMSA-2025-00555)
The version of Mattermost Server installed on the remote host is 10.11.x prior to 10.11.8, 10.12.x prior to 10.12.4, 11.0.x prior to 11.0.6, or 11.1.x prior to 11.1.1, and is, therefore, affected by an improper authentication vulnerability: - Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5,...
Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm
Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...
Incorrect Implementation of Authentication Algorithm
Overview: Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm because the authentication and issue-key path restrictions are not properly enforced. An attacker can impersonate another user and send authenticated GET and POST requests to the Jira...
EUVD-2025-204707
Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...
KLA90825 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, or spoof the user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in WebGPU can be exploited to cause...
CVE-2025-13132 Dia: Increased Spoof Risk; Missing full screen toast
This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen notification toast appearing. Without this notification, users could potentially be misled about what site they were on if a malicious site renders a fake UI like a fake address bar...
KLA89722 Multiple vulnerability in Microsoft System Center
Multiple vulnerability was found in Microsoft System Center. Malicious users can exploit this vulnerability to spoof user interface. Original advisories: CVE-2025-59501. Related products: Microsoft-Configuration-Manager. CVE list: CVE-2025-59501 (warning). Solution: Install necessary updates from the KB...
KLA89275 SUI vulnerability in Microsoft Open Source Software
A spoofing vulnerability was found in Microsoft Open Source Software. Malicious users can exploit this vulnerability to spoof user interface. Original advisories: CVE-2025-59288. CVE list: CVE-2025-59288 (high). Solution: Install necessary updates from the KB section, that are listed in your Windows...
Browser Fingerprinting Using WebAssembly
Web client fingerprinting has become a widely used technique for uniquely identifying users, browsers, operating systems, and devices with high accuracy. While it is beneficial for applications such as fraud detection and personalized experiences, it also raises privacy concerns by enabling...
CVE-2024-52590
Misskey vulnerability CVE-2024-52590 is caused by missing validation in ApRequestService.signedGet, enabling an attacker to create spoofed profiles that appear to originate from another instance. Affected Misskey versions prior to 2024.11.0-alpha.3 allow impersonation of existing users on the tar...
Improper Authentication
matrix-appservice-bridge is vulnerable to Improper Authentication. The vulnerability exists in postExchangeOpenId function at api.ts because it does not reject foreign users in OpenID responses which allows an attacker to perform unauthorized actions as the spoofed user...
Google Chrome Blink UI Spoofing Vulnerability
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout (rendering) engine jointly developed by Google Inc. and Opera Software of Norway. A UI spoofing vulnerability exists in Blink in versions of Google Chrome prior to 59.0.3071.86. An attacker can exploit this...
USN-3216-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the address bar, spoof the print dialog, cause a denial of...
CVE-2016-5188
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages...
Yahoo! Messenger is vulnerable to DoS via multiple messages from spoofed names
Overview: Yahoo! Messenger is an instant messaging client. A report indicates that there is a vulnerability that permits an attacker to spoof the source user name of a Yahoo! Messenger message. Description: Yahoo! Messenger permits a user to place users on an ignore list. A vulnerability exists tha...