
8006 matches found

Redos
added 2025/12/02 12:0 a.m., 5 views

ROS-20251202-06

A vulnerability in the Autofill component of the Google Chrome browser is related to presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user interface using a specially crafted HTML page...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00171
Exploits: 0

Redos
added 2025/12/02 12:0 a.m., 10 views

ROS-20251202-03

A vulnerability in the DecodeConfig component of the Golang programming language is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. A vulnerability in the Downloa...

CVSS: 8.8, AI score: 7.2, EPSS: 0.00251
Exploits: 5

RedhatCVE
added 2025/12/01 5:26 p.m., 2 views

CVE-2025-61915

A flaw was found in cups. A user in the group defined by the SystemGroup directive in /etc/cups/cups-files.conf can use the cups web UI to change the config and insert a malicious line. The cupsd process, which runs as root, will then parse the new config and cause an out-of-bounds write. Mitigation...

CVSS: 6.7, AI score: 6, EPSS: 0.00402
Exploits: 1, References: 3

Tenable Nessus
added 2025/12/01 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-61915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can us...

CVSS: 6.7, AI score: 6.1, EPSS: 0.00402
Exploits: 1, References: 3

OSV
added 2025/11/29 3:15 a.m., 3 views

AZL-71152 CVE-2025-61915 affecting package cups for versions less than 2.3.3op2-11

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config a...

CVSS: 6.7, AI score: 5.9, EPSS: 0.00402
Exploits: 1, References: 1

OSV
added 2025/11/29 3:15 a.m., 3 views

AZL-71146 CVE-2025-61915 affecting package cups for versions less than 2.4.16-1

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config a...

CVSS: 6.7, AI score: 5.9, EPSS: 0.00402
Exploits: 1, References: 1

EUVD
added 2025/11/29 2:15 a.m., 3 views

EUVD-2025-199891

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config a...

CVSS: 6, AI score: 6.3, EPSS: 0.00402
Exploits: 1, References: 3

CNNVD
added 2025/11/28 12:0 a.m., 3 views

Huawei EMUI and Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A post-release...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00066
Exploits: 0, References: 2

Snyk
added 2025/11/27 12:30 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via widget URLs in the skywalking-ui component. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious content into stored data that is later rendered in the web...

CVSS: 6.1, AI score: 5.3, EPSS: 0.00614
Exploits: 0, References: 2

Veracode
added 2025/11/26 6:27 a.m., 5 views

DNS Rebinding

sillytavern is vulnerable to DNS rebinding. The vulnerability is due to improper host validation in the web UI, which allows an attacker to exploit it by installing malicious extensions, reading chats, and injecting arbitrary HTML for phishing...

CVSS: 9.6, AI score: 7, EPSS: 0.00239
Exploits: 0, References: 5, Affected Software: 1

RedhatCVE
added 2025/11/26 12:42 a.m., 7 views

CVE-2025-64063

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...

CVSS: 9.8, AI score: 6.9, EPSS: 0.00326
Exploits: 0, References: 1

Vulnrichment
added 2025/11/25 6:10 p.m., 3 views

CVE-2025-33203

NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service...

CVSS: 7.6, AI score: 6, EPSS: 0.00243
Exploits: 0, References: 3

RedhatCVE
added 2025/11/25 3:48 p.m., 6 views

CVE-2025-13132

A flaw was found in dia. This vulnerability allows users to be misled about the current site via a malicious site rendering a fake user interface (UI) without a full-screen notification...

CVSS: 7.4, AI score: 6.3, EPSS: 0.00203
Exploits: 0, References: 2

Debian CVE
added 2025/11/25 8:2 a.m., 2 views

CVE-2025-13502

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00487
Exploits: 0

EUVD
added 2025/11/25 12:16 a.m., 3 views

EUVD-2025-199496

Malicious code in @huntersofbook/ui npm...

AI score: 6.6
Exploits: 0, References: 3

Oracle linux
added 2025/11/25 12:0 a.m., 4 views

pcs security update

0.11.10-1.el97.1 - Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack Resolves: RHEL-120945, RHEL-121035, RHEL-123630, RHEL-123642, RHEL-124938 0.11.10-1 - Rebased pcs to the latest sources see CHANGELOG.md Resolves: RHEL-77194,...

CVSS: 7.5, AI score: 7, EPSS: 0.00848
Exploits: 0

EUVD
added 2025/11/22 12:47 p.m., 5 views

EUVD-2025-198553

Malicious code in snapchat-ui npm...

AI score: 6.6
Exploits: 0

EUVD
added 2025/11/22 12:46 p.m., 2 views

EUVD-2025-198554

Malicious code in linkedin-ui npm...

AI score: 6.6
Exploits: 0

NVD
added 2025/11/21 6:15 p.m., 6 views

CVE-2025-13132

This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen notification toast appearing. Without this notification, users could potentially be misled about what site they were on if a malicious site renders a fake UI like a fake address bar...

CVSS: 7.4, EPSS: 0.00203
Exploits: 0, References: 1

CVE
added 2025/11/21 5:55 p.m., 10 views

CVE-2025-13132

CVE-2025-13132 affects the "dia" browser (Red Hat/Dia references) where a flaw allows entering fullscreen after a user click without showing the fullscreen notification toast. This could let a malicious site spoof the UI (e.g., fake address bar). Root cause: lack of fullscreen notification. Impac...

CVSS: 7.4, AI score: 6.3, EPSS: 0.00203
Exploits: 0, References: 1