
8014 matches found

CVE
added 2025/03/10 6:47 p.m., 66 views

CVE-2025-27615

CVE-2025-27615 affects umatiGateway. The Red Hat entry describes that the user interface may be publicly accessible when using the provided docker-compose file, allowing configuration to be viewed and altered. The root cause appears to be UI exposure beyond localhost, with a patch in commit 5d81a...

8.2 CVSS, 7.2 AI score, 0.00486 EPSS
Exploits: 0, References: 4
Gitee
added 2025/03/10 11:27 a.m., 69 views

wapiti

It is an offensive tool for web application security testing. The primary vulnerability class targeted is SQL injection and XSS. The tool is designed to check web applications for vulnerabilities, and it is likely used by security researchers and penetration testers. The tool is written in Python...

8 AI score
Exploits: 0
Akamai Blog
added 2025/03/10 10:20 a.m., 3 views

Behind the Scenes: Introducing the Akamai Design System

We recently made some design changes to our UI to improve the user experience. Lead Senior Software Engineer Jaalah Ramos expands on the “why” in this Q&A...

7 AI score
Exploits: 0
Fedora
added 2025/03/10 1:15 a.m., 17 views

[SECURITY] Fedora 41 Update: podman-tui-1.4.0-1.fc41

podman-tui is a terminal user interface for Podman v4 and v5. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines...

8.7 CVSS, 7.4 AI score, 0.00369 EPSS
Exploits: 0
CNNVD
added 2025/03/10 12:0 a.m., 2 views

umati Gateway Information Disclosure Vulnerability

umati Gateway is an umati open source tool that uses JSON messages to connect OPC UA servers to MQTT agents. An information disclosure vulnerability exists in umati Gateway that stems from the user interface allowing public access, which could result in configurations being viewed and modified...

8.2 CVSS, 6.1 AI score, 0.00486 EPSS
Exploits: 0, References: 6
OSV
added 2025/03/07 7:15 p.m., 1 views

CVE-2025-26643

The UI performs the wrong action in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

5.4 CVSS, 5.8 AI score, 0.00657 EPSS
Exploits: 0, References: 1
Microsoft CVE
added 2025/03/07 8:0 a.m., 10 views

Chromium: CVE-2025-1917 Inappropriate Implementation in Browser UI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3 CVSS, 6.9 AI score, 0.0033 EPSS
Exploits: 0
Kaspersky
added 2025/03/07 12:0 a.m., 17 views

KLA81239 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. Out of bounds memory read vulnerabili...

8.8 CVSS, 8.7 AI score, 0.00657 EPSS
Exploits: 0, References: 12
BDU FSTEC
added 2025/03/07 12:0 a.m., 19 views

The vulnerability of the Mozilla Firefox browser, related to errors in information representation by the user interface, allows a hacker to replace the address bar.

The vulnerability of the Mozilla Firefox browser is related to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to substitute the address bar with a specially created link...

6.5 CVSS, 5.9 AI score, 0.00426 EPSS
Exploits: 0, References: 6, Affected Software: 5
BDU FSTEC
added 2025/03/07 12:0 a.m., 4 views

The vulnerability of the Mozilla Firefox browser, related to errors in information representation by the user interface, allows a hacker to replace the address bar.

The vulnerability of the Mozilla Firefox browser is related to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to substitute the address bar with a specially created link...

9.4 CVSS, 6.5 AI score, 0.06597 EPSS
Exploits: 0, References: 7, Affected Software: 5
SUSE CVE
added 2025/03/06 3:3 a.m., 1 views

SUSE CVE-2025-1917

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3 CVSS, 6.5 AI score, 0.0033 EPSS
Exploits: 0, References: 5
SUSE CVE
added 2025/03/06 3:3 a.m., 1 views

SUSE CVE-2025-1923

Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

4.3 CVSS, 6.4 AI score, 0.00206 EPSS
Exploits: 0, References: 5
OSV
added 2025/03/05 4:15 a.m., 1 views

DEBIAN-CVE-2025-1923

Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

4.3 CVSS, 6.4 AI score, 0.00206 EPSS
Exploits: 0, References: 1
BDU FSTEC
added 2025/03/05 12:0 a.m., 2 views

The vulnerability of the Mozilla Firefox browser and the Thunderbird email client relates to improper limitation of the number of user interface layers or frames displayed. This allows attackers to perform spoofing attacks.

The vulnerability of the Mozilla Firefox browser and the Thunderbird email client is related to improper restrictions on the layers or frames that are displayed in the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...

7.5 CVSS, 6 AI score, 0.00384 EPSS
Exploits: 0, References: 13, Affected Software: 5
BDU FSTEC
added 2025/03/05 12:0 a.m., 4 views

The vulnerability of the Google Chrome browser’s Extensions API allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Google Chrome browser’s Extensions API is related to errors in information representation by the user interface. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through a special extension of Chrome...

7.5 CVSS, 6.9 AI score, 0.0033 EPSS
Exploits: 0, References: 10, Affected Software: 4
Tenable Nessus
added 2025/03/05 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2023-42843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1...

7.5 CVSS, 6.5 AI score, 0.0086 EPSS
Exploits: 0, References: 4
Kaspersky
added 2025/03/04 12:0 a.m., 21 views

KLA81175 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface, inject malicious code. Below is a complete list of vulnerabilities: 1. Out of bound...

8.8 CVSS, 9.3 AI score, 0.00519 EPSS
Exploits: 1, References: 3
Kaspersky
added 2025/03/04 12:0 a.m., 16 views

KLA81240 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface, inject malicious code. Below is a complete list of vulnerabilities: 1. Use after fr...

8.8 CVSS, 9.3 AI score, 0.00519 EPSS
Exploits: 1, References: 3
Kaspersky
added 2025/03/04 12:0 a.m., 20 views

KLA81181 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface, inject malicious code. Below is a complete list of vulnerabilities: 1. Use after fr...

9.8 CVSS, 9.3 AI score, 0.00519 EPSS
Exploits: 1, References: 3
OSV
added 2025/03/03 2:15 p.m., 4 views

CVE-2024-54179

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the...

5.4 CVSS, 5.4 AI score
Exploits: 0, References: 1