CVE-2022-43850
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Malwarebytes named “Best Antivirus Software” and “Best Malware Removal Service”
Horn tooting time: We're excited to say we've earned a coveted spot in PCMag’s “Best Antivirus Software for 2025” list, and been recognized as the “Best Malware Removal Service 2025” by CNET. PCMag’s rigorous evaluation process takes into account a range of factors, including real-world, hands-on...
Advisory ROSA-SA-2025-2844
Software: gtk3 3.22.30 OS: ROSA Virtualization 2.1 packageevrstring: gtk3-3.22.30-12.rv3 CVE-ID: CVE-2024-6655 BDU-ID: 2024-06447 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GTK graphical user interface creation library GIMP Toolkit is related to mismanagement of code generation...
Advisory ROSA-SA-2025-2801
Software: gtk3 3.22.30 OS: ROSA Virtualization 3.0 packageevrstring: gtk3-3.22.30-12.rv30 CVE-ID: CVE-2024-6655 BDU-ID: 2024-06447 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GTK graphical user interface creation library GIMP Toolkit is related to mismanagement of code generation...
CVE-2025-30654
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information. Through the execution of a specific...
SUSE CVE-2012-0410
Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter...
CVE-2025-31476
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges access to the site's source code or a CMS plugin to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit allows an attacker to manipulate the presentation of critical information to the user interface, thereby compromising data integrity.
The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit is related to the improper presentation of critical information to the user interface. Exploiting this vulnerability can allow an attacker to compromise data integrity remotely...
CVE-2025-30654
CVE-2025-30654 affects Junos OS and Junos OS Evolved. A local, low-privileged attacker with CLI access can exploit the UI via a specific show mgd command to view sensitive information, including password hashes. Affected versions include Junos OS pre-21.4R3-S10, 22.2 before 22.2R3-S5, 22.4 before...
CVE-2025-30654 Junos OS and Junos OS Evolved: A local, low privileged user can access sensitive information
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information. Through the execution of a specific...
DRUPAL-CONTRIB-2025-030
This module enables you to translate nodes, configuration, UI strings automatically. The module doesn't sufficiently validate the incoming API response when using eTranslation integration, which has an asynchronous workflow. Specially crafted requests could overwrite entities and translations of...
User Interface (UI) Misrepresentation of Critical Information
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to User Interface UI Misrepresentation of Critical Information in the GenerateImage function, which does not sanitize URL text. An...
CVE-2023-33844
IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-25213
The CVE-2025-25213 issue affects Inaba Denki Sangyo Co., Ltd. Wi‑Fi AP UNIT AC-WPS-11ac series (affected versions include v2.0.03P and prior). Root cause: improper restriction of rendered UI layers or frames, enabling unintended operations when a logged‑in user views/clicks on content hosted on a...
(Pwn2Own) Samsung Galaxy S24 Quick Share Insufficient UI Warning Arbitrary File Write Vulnerability
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Samsung Galaxy S24. An attacker must first obtain the ability to perform activities on the target device. The specific flaw exists within the Quick Share application. The user interface fai...
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved Information Disclosure Vulnerability
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc. Juniper Networks Junos OS is a network operating system designed specifically for the company's hardware devices. The operating system provides a secure programming interface and the Junos...
RabbitMQ has XSS Vulnerability in an Error Message in Management UI
...
GHSA-P5G4-V748-6FH8 tarteaucitron.js allows url scheme injection via unfiltered inputs
A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges access to the site's source code or a CMS plugin to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript...
tarteaucitron.js allows url scheme injection via unfiltered inputs
A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges access to the site's source code or a CMS plugin to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript...