8014 matches found
CVE-2025-3071
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
PT-2025-14479 · Unknown · Tempo Operator
Name of the Vulnerable Software and Affected Versions: Tempo Operator (affected versions not specified). Description: A flaw was found in the Tempo Operator related to the Jaeger UI Monitor Tab functionality. When this functionality is enabled, the Operator creates a ClusterRoleBinding for the Servi...
Google Chrome Security Update (stable-channel-update-for-desktop-2025-04) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; if(description)...
KLA82272 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Security UI vulnerability can be exploited to spoof user interfac...
KLA82275 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Security UI vulnerability can be exploited to spoof user interfac...
PT-2025-15257 · General · Kraken Stress Testing Toolkit
The vulnerability in Kraken Stress Testing Toolkit, a load-testing tool for SIEM systems, is caused by improper restriction of rendered user interface layers. Exploitation of the vulnerability may allow a remote attacker to compromise the integrity of protected information...
The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system allows a perpetrator to execute arbitrary commands.
The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system exists because measures to neutralize its special elements have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
About the security content of Safari 18.4
This document describes the security content of Safari 18.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
CVE-2024-58129
In MISP before 2.4.193, menucustomrightlinkhtml parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page...
UBUNTU-CVE-2024-9773
An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicio...
DEBIAN-CVE-2025-30219
RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of...
UBUNTU-CVE-2025-30219
RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of...
CVE-2024-58105
A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE addresses an additional bypass not covered in CVE-2024-58104. Please note: an attacker mus...
CVE-2024-58104
A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
CVE-2024-58104
The CVEs CVE-2024-58104 and CVE-2024-58105 describe a local privilege bypass in Trend Micro Apex One Security Agent Plug-in User Interface Manager that could allow an attacker with low-privilege code execution to bypass security and run arbitrary code on affected installations. Exploitation is de...
Schneider Electric EcoStruxure Power Automation System User Interface Authorization Issue Vulnerability
Schneider Electric EcoStruxure Power Automation System User Interface is a Schneider Electric user interface software for power automation systems from Schneider Electric France. It is used for operators to interact with the power automation system to improve operational efficiency. The Schneider...
[SECURITY] Fedora 41 Update: jupyterlab-4.3.6-1.fc41
JupyterLab is the next-generation user interface for Project Jupyter offering all the familiar building blocks of the classic Jupyter Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.) in a flexible and powerful user interface...
[SECURITY] Fedora 40 Update: jupyterlab-4.3.6-1.fc40
JupyterLab is the next-generation user interface for Project Jupyter offering all the familiar building blocks of the classic Jupyter Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.) in a flexible and powerful user interface...
Missing Input Length Validation
Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Missing Input Length Validation in the experimentname - passed to...