
8006 matches found

CVE
added 2025/12/08 12:0 a.m. | 5 views

CVE-2025-65231

Barix Instreamer prior to version 04.07 is affected by a stored Cross Site Scripting (XSS) vulnerability in the Web UI I/O & Serial configuration page. The CTS close command user-input field is stored and later rendered on the Status page, enabling an attacker to inject script via this input. Roo...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00189
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2025/12/08 12:0 a.m. | 6 views

Huawei EMUI and Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A privilege...

CVSS: 6.2 | AI score: 6.6 | EPSS: 0.00077
Exploits: 0 | References: 1
CNNVD
added 2025/12/08 12:0 a.m. | 3 views

Barix Instreamer Security Vulnerability

Barix Instreamer is an audio encoding device from Barix Switzerland. A security vulnerability exists in Barix Instreamer version v04.06 and v04.05, which originates from the presence of stored cross-site scripting in the Web UI configuration stream target input...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00168
Exploits: 1 | References: 3
Cvelist
added 2025/12/08 12:0 a.m. | 19 views

CVE-2025-65231

Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Scripting XSS in the Web UI I/O & Serial configuration page, specifically the CTS close command user-input field which is stored and later rendered on the Status page...

EPSS: 0.00189
Exploits: 1 | References: 2
Positive Technologies
added 2025/12/08 12:0 a.m. | 2 views

PT-2025-49589

Name of the Vulnerable Software and Affected Versions Barix Instreamer versions prior to 04.07 Description The software contains a Cross Site Scripting XSS issue within the Web UI. Specifically, the I/O & Serial configuration page’s CTS close command user-input field is affected. This field store...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00189
Exploits: 1 | References: 6
Vulnrichment
added 2025/12/08 12:0 a.m. | 2 views

CVE-2025-65231

Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Scripting XSS in the Web UI I/O & Serial configuration page, specifically the CTS close command user-input field which is stored and later rendered on the Status page...

AI score: 5.8 | EPSS: 0.00189
Exploits: 1 | References: 2
OSV
added 2025/12/05 1:15 a.m. | 2 views

CVE-2025-62223

User interface ui misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00386
Exploits: 0 | References: 1
Tenable Nessus
added 2025/12/05 12:0 a.m. | 5 views

rConfig WebUI Detection

Binary data rconfigservicedetect.nbin...

AI score: 7
Exploits: 0 | References: 1
Cvelist
added 2025/12/04 10:27 p.m. | 22 views

CVE-2025-66561 SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS)

SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting XSS vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...

CVSS: 7.3 | EPSS: 0.00157
Exploits: 0 | References: 1
OSV
added 2025/12/04 10:27 p.m. | 7 views

CVE-2025-66561 SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS)

SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting XSS vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...

CVSS: 7.3 | AI score: 5.3 | EPSS: 0.00157
Exploits: 0 | References: 3
Cvelist
added 2025/12/04 9:47 p.m. | 21 views

CVE-2025-13940 WatchGuard Firebox Boot Time System Integrity Check Bypass

An Expected Behavior Violation CWE-440 vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the...

CVSS: 6.7 | EPSS: 0.00105
Exploits: 0 | References: 1
Microsoft CVE
added 2025/12/04 8:0 a.m. | 6 views

Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability

User interface ui misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00386
Exploits: 0
Positive Technologies
added 2025/12/04 12:0 a.m. | 3 views

PT-2025-49164

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.8.1 through 12.11.4 WatchGuard Fireware OS versions 2025.1 through 2025.1.2 Description A flaw exists within the Fireware OS that could allow an attacker to circumvent the boot time system integrity check. Th...

CVSS: 6.7 | AI score: 6.5 | EPSS: 0.00105
Exploits: 0 | References: 6
EUVD
added 2025/12/02 9:31 p.m. | 4 views

EUVD-2025-200315

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS: 4 | AI score: 5.6 | EPSS: 0.00128
Exploits: 0 | References: 3
OSV
added 2025/12/02 7:15 p.m. | 4 views

CVE-2025-13637

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. Chromium security severity: Low...

CVSS: 4.3 | AI score: 5.8
Exploits: 0 | References: 2
OSV
added 2025/12/02 7:15 p.m. | 1 views

CVE-2025-13635

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS: 4.4 | AI score: 5.8
Exploits: 0 | References: 2
CVE
added 2025/12/02 7:0 p.m. | 32 views

CVE-2025-13637

CVE-2025-13637 concerns an Inappropriate implementation in Downloads in Google Chrome. A remote attacker could bypass download protections by convincing a user to perform specific UI gestures on a crafted HTML page, exploiting Chrome/Chromium prior to the fixed version. Affected component: Chrome...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00174
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2025/12/02 12:0 a.m. | 1 views

PT-2025-48760

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 143.0.7499.41 Description An improper implementation in the Downloads feature allows a local attacker to perform UI spoofing through a specially crafted HTML page. Recommendations Update Google Chrome to version...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00386
Exploits: 0 | References: 54
Redos
added 2025/12/02 12:0 a.m. | 6 views

ROS-20251202-09

A vulnerability in the Fullscreen component of the Google Chrome browser is related to presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user interface using a specially crafted HTML page...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.0018
Exploits: 1
Redos
added 2025/12/02 12:0 a.m. | 4 views

ROS-20251202-04

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to reading outside the boundaries of the buffer. Exploitation of the vulnerability could allow an attacker acting remotely to impact the availability of protected information Vulnerability in the WebApp Instal...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.00174
Exploits: 1