88 matches found
CVE-2024-52270
User Interface UI Misrepresentation of Critical Information vulnerability in DropBox SignHelloSign allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only...
CVE-2022-0858
A cross-site scripting XSS vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited abilit...
CVE-2020-14560
Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion component: UI and Visualization. The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful...
CVE-2025-4979 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables that they did not author in the WebUI, by simply creating their own variable and observing the HTTP...
ALSA-2025:4649 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: User Interface UI Misrepresentation of attachment URL CVE-2025-3523 thunderbird: Information Disclosure of /tmp directory listing CVE-2025-2830 thunderbird: Leak of hashed Window credentials via crafted...
RHEL 8 : thunderbird (RHSA-2025:4654)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:4654 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: User Interface UI Misrepresentation of attachmen...
RHEL 8 : thunderbird (RHSA-2025:4649)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:4649 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: User Interface UI Misrepresentation of attachmen...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: User Interface UI Misrepresentation of attachment URL CVE-2025-3523 thunderbird: Information Disclosure of /tmp directory listing CVE-2025-2830 thunderbird: Leak of hashed Window credentials via crafted...
UBUNTU-CVE-2025-4215
A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to laun...
CVE-2025-25213
The CVE-2025-25213 issue affects Inaba Denki Sangyo Co., Ltd. Wi‑Fi AP UNIT AC-WPS-11ac series (affected versions include v2.0.03P and prior). Root cause: improper restriction of rendered UI layers or frames, enabling unintended operations when a logged‑in user views/clicks on content hosted on a...
Schneider Electric EcoStruxure Power Automation System User Interface Authorization Issue Vulnerability
Schneider Electric EcoStruxure Power Automation System User Interface is a Schneider Electric user interface software for power automation systems from Schneider Electric France. It is used for operators to interact with the power automation system to improve operational efficiency. The Schneider...
The vulnerability of the user interface of Windows operating systems allows a hacker to hide files that have been decompiled from a specially created archive from users’ sight.
The vulnerability of Windows operating systems’ user interfaces is related to the improper handling of file attributes. Exploiting this vulnerability can allow attackers to hide files that have been decompressed from a specially crafted archive from users’ sight...
Dell Avamar Access Token Reuse Vulnerability
Dell Avamar is a data backup and recovery solution from Dell that focuses on providing organizations with efficient and flexible data protection services that support physical, virtual and cloud environments. Dell Avamar suffers from an access token reuse vulnerability that stems from the inclusi...
CVE-2024-52271 PDF Document Spoofing in Documenso
User Interface UI Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only, not all...
KLA77113 SUI vulnerability in Microsoft Server Software
Security UI vulnerability was found in Microsoft Server Software. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2024-49040 Exploitation Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details. Related...
The vulnerability of the user interface of the TwinCAT Package Manager allows a hacker to execute arbitrary commands.
The vulnerability of the TwinCAT Package Manager’s user interface is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
The vulnerability of the user interfaces of Google Chrome and Microsoft Edge allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the user interfaces of Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information through a specially created...
The vulnerability of Microsoft Teams’ corporate platform for the iOS operating system allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Teams’ operating system on iOS is related to information representation errors in the user interface. Exploiting this vulnerability could allow a malicious actor to perform spear-phishing attacks remotely...
The vulnerability of Google Chrome’s user interface allows a hacker to replace the user interface with a malicious one.
The vulnerability of Google Chrome’s user interface is related to errors in the way information is presented on the user interface. Exploiting this vulnerability can allow a malicious actor to replace the user interface with a specially created HTML page...
The vulnerability of the user interface of SolarWinds Platform’s network monitoring and IT infrastructure management software allows a hacker to execute arbitrary code.
The vulnerability of the user interface of SolarWinds software for network monitoring and IT infrastructure management is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...