EUVD-2025-203503

CHOCO TEI WATCHER mini IB-MCT001 contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product...

Poly Video - Sensitive Data Might Be Written to Log File

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center TAC to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...

HAL -- an Open-Source Framework for Gate-Level Netlist Analysis

HAL is an open-source framework for gate-level netlist analysis, an integral step in hardware reverse engineering. It provides analysts with an interactive GUI, an extensible plugin system, and APIs in both C++ and Python for rapid prototyping and automation. In addition, HAL ships with plugins f...

GRR 4.0.0.0

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR...

ROS-20251216-7370

A vulnerability in the Fullscreen UI component of Google Chrome and Microsoft Edge browsers is related to information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user interface using a specially crafted HTML pag...

ROS-20251216-7361

A vulnerability in the Storage component of Google Chrome and Microsoft Edge browsers is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user interface using a specially crafted HTML page...

ROS-20251216-7373

A vulnerability in the Omnibox component of Google Chrome and Microsoft Edge browsers is related to information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user interface using a specially crafted HTML page...

ROS-20251216-7362

A vulnerability in the Omnibox component of Google Chrome and Microsoft Edge browsers is related to information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user interface using a specially crafted HTML page...

Insertion of Sensitive Information Into Sent Data

Amendment This issue was found to be a duplicate. The original vulnerability with details can be found here. Credit: William Ashe...

CVE-2025-66388

CVE-2025-66388 affects Apache Airflow where an authenticated UI user could view secret values in rendered templates because secrets were not properly redacted. This information disclosure vulnerability enables access to sensitive data without additional authorization. Public sources in connected ...

CVE-2025-14023

LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions...

CVE-2025-14023

LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions...

CVE-2025-14019

CVE-2025-14019 concerns the LINE Android client (versions 13.8–15.5). The in-app browser UI can be spoofed via a specific layout, potentially obscuring a full-screen warning prompt and enabling phishing via UI spoofing. Public sources in the provided documents describe the affected product and ge...

Line Corporation Line Client For Ios 安全漏洞

Line Corporation Line Client For Ios is a communication application from Line Corporation, Japan. A security vulnerability exists in Line Corporation Line Client For Ios prior to version 15.19, which stems from an inconsistency between the navigation state and the in-app browser UI, which may lea...

PT-2025-51207

Name of the Vulnerable Software and Affected Versions LINE client for iOS versions prior to 15.19 Description The LINE client for iOS is susceptible to a UI spoofing issue stemming from inconsistencies between the application's navigation state and the user interface of the in-app browser. This...

PT-2025-51203

LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attackers to conduct phishing attacks...

CVE-2025-46287

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An attacker may be able to spoof their FaceTi...

User Interface (UI) Misrepresentation Of Critical Information

Drupal core is vulnerable to User Interface UI Misrepresentation of Critical Information. The vulnerability is due to improper handling of UI content rendering, which allows an attacker to spoof or misrepresent content and mislead users within the application interface...

Stored Cross-Site Scripting (XSS)

Jenkins AnchorChain Plugin is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper validation of URL schemes when generating links from workspace content, allowing attackers to inject javascript: URLs that execute malicious scripts in the Jenkins user interface...

CVE-2025-46287

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An attacker may be able to spoof their FaceTi...