8014 matches found
CVE-2024-12374
A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript...
CVE-2024-12374
CVE-2024-12374 : Stored XSS in automatic1111/stable-diffusion-webui (git 82a973c). An attacker can upload an HTML file that the app treats as content-type application/html; when a victim visits the malicious link, arbitrary JavaScript runs in the browser. Connected documents confirm the vulnerabi...
LoLLMs Web UI Security Vulnerability
LoLLMs Web UI is a web user interface for large languages and multimodal systems by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs Web UI version V12, which stems from the startappserver function not properly sanitizing the appname parameter, which could lea...
LoLLMs Web UI Security Vulnerability
LoLLMs Web UI is a web user interface for large languages and multimodal systems by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs Web UI version V13, which originates from an unauthenticated URL and could lead to a server-side request forgery attack...
[SECURITY] Fedora 42 Update: podman-tui-1.4.0-1.fc42
podman-tui is a terminal user interface for Podman v4 and v5. podman-tui uses the podman.socket service to communicate with the podman environment and SSH to connect to remote podman machines...
CVE-2024-56338
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to...
The vulnerability of the TP-Link TL-SG108E router’s firmware, related to errors in user interface representation, allows attackers to carry out clickjacking attacks.
The vulnerability of the TP-Link TL-SG108E router’s firmware is related to errors in information representation by the user interface. Exploiting this vulnerability allows a remote attacker to carry out a clickjacking attack...
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, Thunderbird ESR, are related to information representation errors in the user interface. These vulnerabilities allow attackers to influence the integrity of protected information.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, Thunderbird ESR, are related to information representation errors in the user interface. Exploiting these vulnerabilities can allow an attacker to influence the integrity of protected information...
The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...
The vulnerability of Google Chrome’s user interface allows a perpetrator to replace the user interface.
The vulnerability of Google Chrome’s user interface is related to an improper limitation on the visible layers of the user interface. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...
The vulnerability of Google Chrome, related to errors in the user interface’s information representation, allows a perpetrator to replace the user interface.
The vulnerability of Google Chrome relates to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...
The vulnerability of Google Chrome, related to errors in the user interface’s information representation, allows a perpetrator to replace the user interface.
The vulnerability of Google Chrome relates to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...
CVE-2025-25567
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a local user to attack himself through the UI,...
The vulnerability of the HMI SCADA system of the power automation system, EcoStruxure Power Automation System User Interface (EPAS-UI), related to deficiencies in authentication procedures, allows an intruder to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the HMI SCADA system of the electric power automation system, EcoStruxure Power Automation System User Interface (EPAS-UI), is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity,...
CVE-2024-56338
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to...
CVE-2024-45328
An incorrect authorization vulnerability (CWE-863) in FortiSandbox 4.4.0 through 4.4.6 may allow a low-privileged administrator to execute elevated CLI commands via the GUI console menu...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability
IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions, and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...
KLA81545 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, bypass security restrictions, spoof the user interface, and cause denial of service. Below is a complete list of...
CVE-2025-27615
umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit...
CVE-2025-27615
CVE-2025-27615 affects umatiGateway. The Red Hat entry describes that the user interface may be publicly accessible when using the provided docker-compose file, allowing configuration to be viewed and altered. The root cause appears to be UI exposure beyond localhost, with a patch in commit 5d81a...