The vulnerability of DevTools components in Google Chrome allows a hacker to execute arbitrary code.
The vulnerability of DevTools components in Google Chrome browsers is related to an incorrect limitation on the visible layers of the user interface. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Security update for opera (important)
openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2025:0167-1 Rating: important References: Cross-References: CVE-2025-4664 Affected Products: openSUSE Leap 15.6:NonFree An update that fixes one vulnerability is now available. Description: This update for opera fixe...
An Empirical Study on Virtual Reality Software Security Weaknesses
Virtual Reality (VR) has emerged as a transformative technology across industries, yet its security weaknesses, including vulnerabilities, are underinvestigated. This study investigates 334 VR projects hosted on GitHub, examining 1,681 software security weaknesses to understand: what types of...
The vulnerability of the User Interface Manager component in the Security Agent of Trend Micro’s anti-virus software products, Apex One and Apex One as a Service, allows a malicious actor to bypass existing security restrictions and execute arbitrary code.
The vulnerability of the User Interface Manager component in Trend Micro Apex One and Apex One as a Service anti-virus software programs relates to improper handling of user actions. Exploiting this vulnerability can allow attackers to bypass existing security restrictions and execute arbitrary...
The vulnerability of the User Interface Manager component in the Security Agent of Trend Micro’s anti-virus software products, Apex One and Apex One as a Service, allows a malicious actor to bypass existing security restrictions and execute arbitrary code.
The vulnerability of the User Interface Manager component in Trend Micro Apex One and Apex One as a Service anti-virus software programs relates to insecure privilege management. Exploiting this vulnerability can allow attackers to bypass existing security restrictions and execute arbitrary code...
Coyote in the Wild: First-Ever Malware That Abuses UI Automation
...
KLA86016 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1...
The vulnerability of the user interface of Juniper Networks Junos OS allows an attacker to trigger a service failure.
The vulnerability of the user interface of Juniper Networks Junos OS is related to access control errors. Exploiting this vulnerability can allow a perpetrator to cause service interruptions...
The vulnerability of the user interface of Juniper Networks Junos OS allows a hacker to gain access to the device.
The vulnerability of the user interface of Juniper Networks Junos OS is related to discrepancies in the data of the user interface. Exploiting this vulnerability can allow a malicious actor to gain access to the device remotely...
The vulnerability of the user interface of Juniper Networks’ Junos OS and Junos OS Evolved systems allows a hacker to gain access and modify system configurations.
The vulnerability of the user interface of Juniper Networks Junos OS and Junos OS Evolved lies in improper neutralization of separators. Exploiting this vulnerability can allow an attacker to modify system configurations...
CVE-2025-30758
Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM component: User Interface. Supported versions that are affected are 25.0-25.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM End User. Successful attacks ...
CVE-2025-49838
GPT-SoVITS-WebUI contains an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The model_choose input is used as a model_path, .pth is appended, and torch.load deserializes it in uvr, enabling unsafe deserialization. Affected versions: 20250228v3 and earlier. At publication, no patche...
CVE-2025-33097
IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
GPT-SoVITS-WebUI command injection vulnerability
GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI openslice function, which can be exploited by an attacker to execute arbitrary commands on the system...
GPT-SoVITS-WebUI command injection vulnerability
GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI openasr function. An attacker can exploit this vulnerability to execute arbitrary commands on the system...
CVE-2025-7380
CVE-2025-7380 is a stored XSS in ADM Access Control. The vulnerability allows injecting unsanitized scripts into the folder name field during shared folder creation, which execute in the user UI and may access session cookies or other data. Affected: ADM 4.1.0–4.3.3.RH61 and ADM 5.0.0.RIN1 and ea...
CVE-2025-52963
An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service. Users with "view" permissions can run a specific request interface command which allows the user to sh...
Juniper Networks Junos OS access control error vulnerability
Juniper Networks Junos OS is a Juniper Networks, Inc. network operating system dedicated to the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS suffers from an Access Control Error vulnerability that stems from improper acces...