8020 matches found
CVE-2022-25768
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade proces...
Improper Access Control
Overview: Affected versions of this package are vulnerable to Improper Access Control due to the UI upgrade process. An attacker can access the version number or execute parts of the upgrade process without proper permissions. Note: As upgrading in the user interface is deprecated, this...
GHSA-X3JX-5W6M-Q2FC Mautic vulnerable to Improper Access Control in UI upgrade process
Impact: The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade...
Mautic Security Vulnerability
Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic version 1.1.3 and prior versions, which stems from a lack of access control in the use...
rteval bug fix update
An update is available for rteval. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The rteval packages contain a utility for measuring realtime scheduler latency...
CVE-2024-40797
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. Visiting a malicious website may lead to user interface spoofing...
Apple macOS Security Vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS version 13.7, which originates from a visit to a malicious Web site that may result in user interface spoofing...
ROS-20240917-01
A vulnerability in the user tabs of Google Chrome and Microsoft Edge browsers is related to incorrect security checks for standard elements. Exploitation of the vulnerability could allow an attacker, acting remotely, to spoof the user interface with a specially crafted HTML page. generated HTM...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. A cross-site scripting vulnerability exists in Google Chrome prior to version 129.0.6668.58, which stems from insufficient UI gesture validation in Omnibox on the Android platform, and can be exploited by an attacker to inject...
CVE-2024-40797
This CVE-2024-40797 affects macOS where visiting a malicious website may cause user interface spoofing. It is addressed by improved state management and is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, and macOS Sequoia 15. The NVD/NDA references describe a network-accessible issue with UI spoo...
The vulnerability of the MSHTML platform in Microsoft Windows operating systems allows a hacker to execute a spoofing attack.
The vulnerability of the MSHTML platform in Microsoft Windows systems is related to errors in information representation by the user interface. Exploiting this vulnerability can allow a remote attacker to perform a spoofing attack...
PT-2024-29120
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18; macOS versions prior to Sequoia 15. Description: The issue was addressed with improved UI. Visiting a malicious website may lead to address bar spoofing. Recommendations: For Safari versions prior to 18, update to Safa...
Microsoft Windows MSHTML Platform Spoofing Vulnerability
Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112...
The vulnerability in the Firefox web browser relates to an improper limitation on the visible layers of the user interface. This allows a malicious actor to gain access to confidential data and compromise its integrity.
The vulnerability in the Firefox web browser is related to an improper limitation on the visible layers of the user interface. Exploiting this vulnerability can allow a remote attacker to access confidential data and compromise its integrity...
The vulnerability of the Service Workers service in the private browsing mode of the Firefox web browser relates to an improper limitation on the visible layers of the user interface. This allows a malicious actor to gain access to confidential data.
The vulnerability of the Service Workers service in the private browsing mode of the Firefox web browser is related to an incorrect limitation on the visible layers of the user interface. Exploiting this vulnerability could allow a remote attacker to gain access to confidential data...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 2, 2024 to September 8, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers...
CVE-2024-45856
A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...
PT-2024-31813 · Mindsdb · Mindsdb
Name of the Vulnerable Software and Affected Versions: MindsDB (affected versions not specified). Description: A cross-site scripting (XSS) issue exists, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScrip...