Huawei HarmonyOS和Huawei EMUI 安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI suffer from an insufficient...

Huawei HarmonyOS和Huawei EMUI 安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. An out-of-bounds access vulnerability exists in Huawei...

Huawei EMUI和Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A security vulnerability exists in Huawei HarmonyOS an...

The vulnerability of the web page rendering module in WebKit operating systems for iOS, iPadOS, and the Safari browser allows attackers to perform spoofing attacks.

The vulnerability of the Web page rendering module in WebKit operating systems for iOS, iPadOS, and the Safari browser is related to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks remotely...

Swagger UI 1.0.3 Cross Site Scripting

Proof of concept cross site scripting exploit for Swagger UI versions 1.0.3 and below...

Deserialization of Untrusted Data

Overview llamafactory is an Easy-to-use LLM fine-tuning framework Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the Checkpoint path parameter in the WebUI interface during the training process. An attacker can exploit this vulnerability by supplying a...

PT-2025-32492 · Pypi · Ms-Swift

I. Detailed Description: 1. Install ms-swift pip install ms-swift -U 2. Start web-ui swift web-ui --lang en 3. After startup, access through browser at http://localhost:7860/ to see the launched fine-tuning framework program 4. Fill in necessary parameters In the LLM Training interface, fill in...

DEBIAN-CVE-2025-43228

The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6. Visiting a malicious website may lead to address bar spoofing...

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2025.2.4.0 and earlier, which stems from a UI synchronization issue that could lead to...

ROS-20250730-01

A vulnerability in the Navigations component of the Google Chrome and Microsoft Edge browsers is related to a flaw in the source validation mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions with a specially crafted HTML...

The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...

CVE-2025-43228

The issue was addressed with improved UI. This issue is fixed in iOS 18.6 and iPadOS 18.6, Safari 18. 6. Visiting a malicious website may lead to address bar spoofing...

RLSA-2025:7435 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: User Interface UI Misrepresentation of attachment URL CVE-2025-3523 thunderbird: Information Disclosure of /tmp directory listing CVE-2025-2830 thunderbird: Leak of hashed Window credentials via crafted...

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

HCL BigFix Remote Control Server WebUI 安全漏洞

HCL BigFix Remote Control Server WebUI is a web user interface for remote management and control from HCL India. A security vulnerability exists in HCL BigFix Remote Control Server WebUI version 10.1.0.0248 and prior versions, which stems from improper access restriction and could lead to...

The vulnerability of the JetBrains YouTrack project management and task management software, related to errors in the user interface’s information presentation, allows attackers to circumvent existing security restrictions.

The vulnerability of the JetBrains YouTrack project and task management software is related to errors in the user interface’s information presentation. Exploiting this vulnerability can allow an attacker to circumvent existing security restrictions remotely...

The vulnerability of DevTools components in Google Chrome allows a hacker to execute arbitrary code.

The vulnerability of DevTools components in Google Chrome browsers is related to an incorrect limitation on the visible layers of the user interface. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

Security update for opera (important)

openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2025:0167-1 Rating: important References: Cross-References: CVE-2025-4664 Affected Products: openSUSE Leap 15.6:NonFree An update that fixes one vulnerability is now available. Description: This update for opera fixe...

An Empirical Study on Virtual Reality Software Security Weaknesses

Virtual Reality VR has emerged as a transformative technology across industries, yet its security weaknesses, including vulnerabilities, are underinvestigated. This study investigates 334 VR projects hosted on GitHub, examining 1,681 software security weaknesses to understand: what types of...

The vulnerability of the User Interface Manager component in the Security Agent of Trend Micro’s anti-virus software products, Apex One and Apex One as a Service, allows a malicious actor to bypass existing security restrictions and execute arbitrary code.

The vulnerability of the User Interface Manager component in Trend Micro Apex One and Apex One as a Service anti-virus software programs relates to improper handling of user actions. Exploiting this vulnerability can allow attackers to bypass existing security restrictions and execute arbitrary...