Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2025-49081
There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse...
CVE-2025-0917
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
CVE-2025-0917
IBM Cognos Analytics is affected by a stored cross-site scripting (XSS) vulnerability in the Web UI. A privileged user can embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. Affected versions are 11.2.0–11.2.4 IF3 and 12.0.0–12.0.4. Remediation/advi...
[SECURITY] Fedora 42 Update: dtk6gui-6.0.27-6.fc42
Deepin Tool Kit DtkGui is the development graphical user interface of all C++/Qt Developer work on Deepin...
[SECURITY] Fedora 42 Update: roundcubemail-1.6.11-1.fc42
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
KLA84763 SUI vulnerability in Microsoft Azure
A security UI vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to perform cross-site scripting attacks and spoof the user interface. Original advisories: CVE-2025-47977. Related products: Microsoft-Azure. CVE list: CVE-2025-47977 (critical). Solution: Install necessary...
Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-16596)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A security vulnerability exists in Huawei HarmonyOS an...
kafbat-ui Code Issue Vulnerability
kafbat-ui is an open source Web UI for managing Apache Kafka clusters from Kafbat Open Source. A code issue vulnerability exists in kafbat-ui version 1.0.0 that stems from insecure deserialization and could lead to the execution of arbitrary code...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A security vulnerability exists in Huawei HarmonyOS an...
A vulnerability in the “Tab Strip” control element of the Google Chrome browser allows an attacker to spoof the user interface.
A vulnerability in the Tab Strip control element of Google Chrome is related to bypassing authentication processes through spoofing. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially crafted HTML link...
Toward a Human-Centered Evaluation Framework for Trustworthy LLM-Powered GUI Agents
The rise of Large Language Models (LLMs) has revolutionized Graphical User Interface (GUI) automation through LLM-powered GUI agents, yet their ability to process sensitive data with limited human oversight raises significant privacy and security risks. This position paper identifies three key risks ...
A vulnerability in GitLab, the Git-based platform for collaborative code development, related to errors in how information is presented in the user interface, allows an attacker to gain unauthorized access to protected information.
A vulnerability in GitLab, the Git-based platform for collaborative code development, is related to errors in how information is represented in the user interface. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
RHEL 10 : thunderbird (RHSA-2025:7507)
The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:7507 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: User Interface (UI) Misrepresentation of attachme...
CVE-2025-25044
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
A vulnerability in Mozilla Firefox, Firefox ESR, and the Thunderbird email client, caused by improper restriction of rendered user interface layers, allows attackers to carry out clickjacking attacks.
A vulnerability in Mozilla Firefox, Firefox ESR, and the Thunderbird email client is related to improper restriction of the visually rendered layers of the user interface. Exploiting this vulnerability allows a malicious actor to carry out a clickjacking attack remotely...
Devolutions Server <= 2024.3.15.0 / 2025.1.3.0 <= 2025.1.7.0 Improper Privilege Assignment (DEVO-2025-0008)
The version of Devolutions Server installed on the remote host is prior to or equal to 2024.3.15.0, or 2025.1.3.0 through 2025.1.7.0, and is therefore affected by an improper privilege assignment vulnerability: Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a...
CVE-2025-4493
Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions: Devolutions Server 2025.1.3.0 through 2025.1.7.0, Devolutions Server...
BIT-GITLAB-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab
A business logic error in GitLab CE/EE, affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3, and 18.0 prior to 18.0.1, allows an attacker to cause branch name confusion in confidential MRs...
Google Chrome Security Bypass Vulnerability (CNVD-2025-10924)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability due to an improper implementation in the FileSystemAccess API, which can be exploited by an attacker to perform user interface spoofing via specially crafted HTML pages...