CVE-2025-59014
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator-level backend users trigger a denial-of-service condition in the backend user interface by saving manipulated data in the bookmark toolbar...
Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally...
PT-2025-36853
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A use-after-free issue exists in the Windows UI XAML Phone DatePickerFlyout component. This flaw allows a locally authorized attacker to elevate privileges. Recommendations: At the moment,...
Google Android elevation of privilege vulnerability (CNVD-2025-21350)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to an obfuscated agent in the system's user interface. An attacker can exploit the vulnerability to gain elevated privileges on the system...
CVE-2025-57539
A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter configuration in Proxmox Virtual Environment (PVE) 8.4 allows authenticated users to store malicious input. The payload is rendered unsafely in the Web UI and executed when viewed by other users, potentially...
CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...
CVE-2024-43184
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
GHSA-XMCW-MV9P-7PQ2 Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gc-wj6x-9w55. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescriptio...
CVE-2025-10044
A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...
MAL-2025-42964 Malicious code in @trp-beacon-ui-kit/style-tokens (npm)
The package @trp-beacon-ui-kit/style-tokens was found to contain malicious code...
Malicious code in markdown-perseus-betelgeuse-chakra-ui (npm)
The package markdown-perseus-betelgeuse-chakra-ui was found to contain malicious code...
Malicious code in algol-cross-env-biomimicry-semantic-ui (npm)
The package algol-cross-env-biomimicry-semantic-ui was found to contain malicious code...
Malicious code in element-ui-xenon-uranology-bunyan (npm)
The package element-ui-xenon-uranology-bunyan was found to contain malicious code...
MAL-2025-46160 Malicious code in subscription-test-semantic-ui-tailwindcss (npm)
The package subscription-test-semantic-ui-tailwindcss was found to contain malicious code...
CVE-2025-32320
CVE-2025-32320 affects Android System UI and describes a confused-deputy issue that can lead to local elevation of privilege: an attacker could view other users’ images without extra execution privileges or user interaction. Affected component is Android System UI; root cause is improper access c...
CVE-2025-32320
In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-21029
Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display...
PT-2025-36241
Name of the Vulnerable Software and Affected Versions: Android System UI affected versions not specified Description: A confused deputy condition exists in Android System UI that may allow applications to gain elevated privileges. This could lead to local escalation of privilege without requiring...
Google Android security vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to an obfuscated agent in the system's user interface. An attacker can exploit the vulnerability to gain elevated privileges on the system...