8014 matches found
CVE-2025-31476 tarteaucitron.js allows url scheme injection via unfiltered inputs
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges access to the site's source code or a CMS plugin to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL...
CVE-2025-31476
Summary: CVE-2025-31476 affects tarteaucitron.js. A vulnerability caused by insufficient URL validation allowed a user with high privileges to insert URLs with insecure schemes (e.g., javascript:alert()) that could lead to arbitrary JavaScript execution when a link is clicked. The issue enables e...
Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT 'AC-WPS-11ac series'
Overview: Wi-Fi AP UNIT 'AC-WPS-11ac series' provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Incorrect privilege assignment in the WEB UI (the setting page) (CWE-266) - CVE-2025-23407; OS command injection in the WEB UI (the setting page) (CWE-78) - CVE-2025-25053...
Huawei HarmonyOS and Huawei EMUI security vulnerability
Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scene distributed operating system based on a microkernel. An access control vulnerability exists in Huawei HarmonyOS and EMUI. The vulnerability stems from improper access...
The vulnerability of Microsoft Edge browser on the iOS operating system, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge browser on the iOS operating system is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...
CVE-2025-2159
Stored XSS in Desktop UI in M-Files Server Admin tool before version 25.3.14681.7 on Windows allows authenticated local user to run scripts via UI...
CVE-2025-29796
User interface (UI) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network...
CVE-2025-29796
CVE-2025-29796 affects Microsoft Edge for iOS. The vulnerability is described as a UI misrepresentation that could allow an unauthorized attacker to perform spoofing over a network. According to the initial description, the CVSSv3.1 base score is 4.7 (Medium), with attack vector NETWORK, attack...
The vulnerability of the microprogrammed software for ViewJet C-more Series sensor panels, related to information representation errors in the user interface, allows an intruder to replace the user interface.
The vulnerability of the microprogrammed software for ViewJet C-more Series sensor panels is related to errors in information representation by the user interface. Exploiting this vulnerability can allow an attacker to remotely replace the user interface...
The vulnerability of the Thunderbird email client, related to errors in information presentation by the user interface, allows attackers to disclose protected information.
The vulnerability of the Thunderbird email client is related to errors in information representation by the user interface. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
JTEKT ELECTRONICS HMI ViewJet C-more security vulnerability
JTEKT ELECTRONICS HMI ViewJet C-more is a series of human-machine interfaces from JTEKT ELECTRONICS, Japan. A security vulnerability exists in JTEKT ELECTRONICS HMI ViewJet C-more, which stems from an improper restriction at the UI layer that could lead to spoofing attacks...
CVE-2025-0272
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...
KLA82387 ACE vulnerability in WinRAR
Arbitrary code execution vulnerability was found in WinRAR. Malicious users can exploit this vulnerability to execute arbitrary code, spoof user interface. Original advisories JVN59547048 WinRAR vulnerable to the symbolic link based “Mark of the Web” check bypass CVE-2025-31334 Related products...
KLA82346 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, spoof user interface, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Type...
ROS-20250403-05
A vulnerability in the Media component of the Google Chrome browser is related to memory use after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page V8 JavaScript scrip...
CVE-2024-56475
IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
SUSE CVE-2025-3071
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2025-3074
Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...