CVE-2025-6017
A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to...
KLA85425 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, perform cross-site scripting attacks, and spoof the user interface. Below is a complete list of vulnerabilities: 1...
CVE-2025-2141
IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI...
Sunshine security vulnerability
Sunshine is an open source self-service game streaming host for Moonlight by LizardByte. A security vulnerability exists in versions prior to Sunshine 2025.628.4510, which stems from a lack of clickjacking protection in the web UI and could lead to unauthorized actions...
CVE-2024-52900
IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
GHSA-XJ56-P8MM-QMXJ LLaMA-Factory allows Code Injection through improper vhead_file safeguards
Summary: A critical remote code execution vulnerability was discovered during the Llama Factory training process. This vulnerability arises because the vhead_file is loaded without proper safeguards, allowing malicious attackers to execute arbitrary malicious code on the host system simply by passi...
The vulnerability of the Thunderbird email client, related to errors in information representation by the user interface, allows attackers to perform spoofing attacks.
The vulnerability of the Thunderbird email client is related to errors in information representation by the user interface. Exploiting this vulnerability can allow a remote attacker to carry out spoofing attacks...
CVE-2025-52926
In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface...
CVE-2025-6557
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
UBUNTU-CVE-2025-52926
In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface...
Vulnerability of the amd_sfh_work() function in the driver/hid/amd-sfh-hid/amd_sfh_client.c file – a driver for the Linux kernel’s user interface device subsystem, which allows an attacker to access protected information.
Vulnerability of the amd_sfh_work() function in the driver/hid/amd-sfh-hid/amd_sfh_client.c file – the driver for the Linux kernel’s user interface device subsystem is vulnerable due to improper memory release before deleting the last reference (memory leak). Exploiting this vulnerability could allow an...
CVE-2025-52926
CVE-2025-52926 affects spytrap-adb prior to v0.3.5. The issue is an omission in the scan.rs UI where matches for known stalkerware are not rendered in the interactive user interface, reducing visibility of detected stalkerware within affected builds. The CVSS 3.1 base score is 2.7 (LOW) with LOCA...
CVE-2025-23169
The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to inject and store cross-site scripting (XSS)...
CVE-2024-54183
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall...
Versa Director security vulnerability
Versa Director is a virtualization and service creation platform from Versa (USA) that simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director that stems from insufficient validation of customized inputs to the user...
PT-2025-26191 · Versa · Versa Director SD-WAN Orchestration Platform
Name of the Vulnerable Software and Affected Versions: Versa Director SD-WAN orchestration platform (affected versions not specified). Description: The issue concerns the customization of the user interface in the Versa Director SD-WAN orchestration platform, where input for customizations such as t...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...