8005 matches found

NVD
added 2026/01/13 2:15 a.m., 6 views

CVE-2026-0497

SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application...

CVSS 4.3, EPSS 0.00195
Exploits 0, References 2

Kaspersky
added 2026/01/13 12:0 a.m., 7 views

KLA90845 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Use...

CVSS 10, AI score 6.2, EPSS 0.0055
Exploits 1, References 3

Kaspersky
added 2026/01/13 12:0 a.m., 5 views

KLA90833 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1...

CVSS 9.8, AI score 6.2, EPSS 0.0055
Exploits 0, References 3

Kaspersky
added 2026/01/13 12:0 a.m., 5 views

KLA90842 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, spoof user interface, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code...

CVSS 8.8, AI score 6.5, EPSS 0.31109
Exploits 0, References 31

Kaspersky
added 2026/01/13 12:0 a.m., 6 views

KLA90840 Multiple vulnerabilities were found in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information, cause denial of service, spoof user interface. Below is a complete list of...

CVSS 9.8, AI score 8, EPSS 0.1911
Exploits 8, References 111

Positive Technologies
added 2026/01/13 12:0 a.m., 3 views

PT-2026-2333

Name of the Vulnerable Software and Affected Versions: SAP Product Designer Web UI of Business Server Pages (affected versions not specified). Description: The SAP Product Designer Web UI of Business Server Pages allows authenticated, non-administrative users to access non-sensitive information. This...

CVSS 4.3, AI score 6.2, EPSS 0.00195
Exploits 0, References 4

Positive Technologies
added 2026/01/13 12:0 a.m., 5 views

PT-2026-2677

Name of the Vulnerable Software and Affected Versions: Tablet Windows User Interface TWINUI Subsystem (affected versions not specified). Description: The TWINUI Subsystem contains a flaw that could allow an attacker to disclose sensitive information locally. An authorized attacker can exploit this iss...

CVSS 5.5, AI score 6.3, EPSS 0.00633
Exploits 0, References 7

CNNVD
added 2026/01/13 12:0 a.m., 3 views

SAP Product Designer Web UI of Business Server security vulnerability

SAP Product Designer Web UI of Business Server is a Web-based management platform from SAP, Germany. A security vulnerability exists in SAP Product Designer Web UI of Business Server, which arises from an authenticated, non-administrative user having access to non-sensitive information that could...

CVSS 4.3, AI score 5.8, EPSS 0.00195
Exploits 0, References 2

Positive Technologies
added 2026/01/13 12:0 a.m., 3 views

PT-2026-2676

Name of the Vulnerable Software and Affected Versions: Tablet Windows User Interface TWINUI Subsystem (affected versions not specified). Description: A flaw exists due to concurrent execution using a shared resource with improper synchronization, creating a race condition within the Tablet Windows Use...

CVSS 7.8, AI score 6.4, EPSS 0.00295
Exploits 0, References 7

FreeBSD
added 2026/01/13 12:0 a.m., 8 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 10 security fixes: 458914193 High CVE-2026-0899: Out of bounds memory access in V8. Reported by @p1nky4745 on 2025-11-08 465730465 High CVE-2026-0900: Inappropriate implementation in V8. Reported by Google on 2025-12-03 40057499 High CVE-2026-0901:...

CVSS 9.8, AI score 7.2, EPSS 0.00382
Exploits 0, References 1

OSV
added 2026/01/12 10:52 p.m., 3 views

CVE-2026-22813 Malicious website can execute commands on the local system through XSS in the OpenCode web UI

OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response...

CVSS 9.4, AI score 6.9, EPSS 0.00914
Exploits 1, References 3

Chainguard
added 2026/01/12 1:26 p.m., 10 views

CVE-2026-21860 vulnerabilities

Vulnerabilities for packages: superset, tensorflow-cpu-jupyter, azure-functions-python-worker...

CVSS 6.3, AI score 5.8, EPSS 0.00424
Exploits 0

NVD
added 2026/01/10 3:15 p.m., 6 views

CVE-2026-0824

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

CVSS 5.1, EPSS 0.00242
Exploits 0, References 9

RedhatCVE
added 2026/01/09 11:58 a.m., 7 views

CVE-2018-4389

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1...

CVSS 6.5, AI score 6, EPSS 0.00966
Exploits 0, References 1

RedhatCVE
added 2026/01/09 11:56 a.m., 7 views

CVE-2018-4279

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2...

CVSS 5.3, AI score 6.1, EPSS 0.00809
Exploits 0, References 1

RedhatCVE
added 2026/01/09 11:56 a.m., 8 views

CVE-2018-4195

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12...

CVSS 6.5, AI score 6.1, EPSS 0.00966
Exploits 0, References 1

RedhatCVE
added 2026/01/09 11:55 a.m., 7 views

CVE-2018-4362

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12...

CVSS 6.5, AI score 5.9, EPSS 0.00985
Exploits 0, References 1

RedhatCVE
added 2026/01/09 11:55 a.m., 5 views

CVE-2018-4391

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofi...

CVSS 5.5, AI score 5.6, EPSS 0.00855
Exploits 0, References 1

RedhatCVE
added 2026/01/09 11:35 a.m., 3 views

CVE-2021-41861

The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted on both the...

CVSS 5.5, AI score 6.7, EPSS 0.00439
Exploits 1, References 1

RedhatCVE
added 2026/01/09 11:26 a.m., 6 views

CVE-2021-33593

Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing...

CVSS 5.3, AI score 6.6, EPSS 0.00685
Exploits 0, References 1