
8020 matches found

CNVD · added 2024/09/11 12:00 a.m. · 2 views

Huawei HarmonyOS and EMUI Input Validation Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS and EMUI suffer from an input validation...

CVSS 7.5 · AI score 6.7 · EPSS 0.00209
Exploits: 0 · References: 1

Kaspersky · added 2024/09/10 12:00 a.m. · 92 views

KLA73227 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, cause denial of service, spoof user interface, bypass security restrictions. Below is a complete list of...

CVSS 9.8 · AI score 10 · EPSS 0.52164
Exploits: 3 · References: 67

Kaspersky · added 2024/09/10 12:00 a.m. · 17 views

KLA73226 Multiple vulnerabilities in Microsoft Dynamics

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 on-premise...

CVSS 9.8 · AI score 8.8 · EPSS 0.01362
Exploits: 0 · References: 9

Kaspersky · added 2024/09/10 12:00 a.m. · 26 views

KLA73222 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a...

CVSS 9.8 · AI score 10 · EPSS 0.52164
Exploits: 3 · References: 36

VulnCheck KEV · added 2024/09/10 12:00 a.m. · 4 views

VulnCheck KEV: CVE-2024-43461

Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112...

CVSS 8.8 · AI score 5.7 · EPSS 0.84345
Exploits: 0 · References: 1

VulnCheck KEV · added 2024/09/06 12:00 a.m. · 4 views

VulnCheck KEV: CVE-2021-30461

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value which might contain PHP code is injected into config/configuration.php...

CVSS 9.8 · AI score 6.4 · EPSS 0.36632
Exploits: 5 · References: 1

BDU FSTEC · added 2024/09/06 12:00 a.m. · 5 views

The vulnerability of the Views component in Google Chrome and Microsoft Edge allows a hacker to replace the user interface.

The vulnerability of the Views component in Google Chrome and Microsoft Edge is related to improper security checks for standard elements. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially crafted HTML page...

CVSS 5 · AI score 6.4 · EPSS 0.004
Exploits: 0 · References: 11 · Affected Software: 7

Wordfence Blog · added 2024/09/05 2:31 p.m. · 64 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 26, 2024 to September 1, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >=1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers c...

CVSS 10 · AI score 9.5 · EPSS 0.43585
Exploits: 8

BDU FSTEC · added 2024/09/05 12:00 a.m. · 5 views

The vulnerability of the Mozilla Firefox browser lies in its improper limitation of the visible layers of the user interface, which allows attackers to perform spoofing attacks.

The vulnerability of the Mozilla Firefox browser is related to an improper limitation on the displayed layers of the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...

CVSS 5 · AI score 7.2 · EPSS 0.00366
Exploits: 0 · References: 12 · Affected Software: 5

Positive Technologies · added 2024/09/04 12:00 a.m. · 1 view

PT-2024-6993 · Google +4 · Google Chrome +4

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 130.0.6723.58; Microsoft Edge affected versions not specified. Description: The issue is related to an inappropriate implementation in the Permissions feature of Google Chrome and Microsoft Edge, allowing a remot...

CVSS 8.8 · AI score 8.8 · EPSS 0.06295
Exploits: 4 · References: 107

Kaspersky · added 2024/09/03 12:00 a.m. · 18 views

KLA73183 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, perform cross-site scripting attack, spoof user interface. Below is a complete list of vulnerabilities: 1. Type confusion...

CVSS 9.8 · AI score 9.6 · EPSS 0.04395
Exploits: 1 · References: 3

Kaspersky · added 2024/09/03 12:00 a.m. · 17 views

KLA73182 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, perform cross-site scripting attack, spoof user interface. Below is a complete list of vulnerabilities: 1...

CVSS 9.8 · AI score 10 · EPSS 0.04395
Exploits: 1 · References: 3

Kaspersky · added 2024/09/03 12:00 a.m. · 18 views

KLA73124 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attack, cause denial of service, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1...

CVSS 9.8 · AI score 9.8 · EPSS 0.04395
Exploits: 1 · References: 3

BDU FSTEC · added 2024/08/30 12:00 a.m. · 5 views

The vulnerability of the Mozilla Firefox browser, related to improper restriction of the displayed user interface layers, allows attackers to perform spoofing attacks.

The vulnerability of the Mozilla Firefox browser is related to an improper limitation on the displayed layers of the user interface. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks...

CVSS 5 · AI score 5.5 · EPSS 0.0026
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC · added 2024/08/30 12:00 a.m. · 5 views

The vulnerability of WebApp installations for browsers Google Chrome and Microsoft Edge allows a hacker to replace the user interface.

The vulnerability of WebApp Installs components in Google Chrome and Microsoft Edge is related to improper security checks for standard elements. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially crafted HTML page...

CVSS 5 · AI score 5.5 · EPSS 0.00281
Exploits: 0 · References: 11 · Affected Software: 7

Wordfence Blog · added 2024/08/29 1:48 p.m. · 83 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 19, 2024 to August 25, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and ...

CVSS 10 · AI score 9.8 · EPSS 0.74427
Exploits: 53

BDU FSTEC · added 2024/08/26 12:00 a.m. · 2 views

The vulnerability of the Date Picker function in Mozilla Firefox and Firefox ESR browsers allows a malicious actor to provide arbitrary permissions and gain unauthorized access to data or functions.

The vulnerability of the Date Picker function in Mozilla Firefox and Firefox ESR browsers is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to provide arbitrary permissions and gain unauthorized access to data or function...

CVSS 9.4 · AI score 7.2 · EPSS 0.00492
Exploits: 0 · References: 24 · Affected Software: 8

Positive Technologies · added 2024/08/23 12:00 a.m. · 3 views

PT-2024-6995 · Google +4 · Google Chrome +4

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 130.0.6723.58; Microsoft Edge affected versions not specified. Description: The issue is related to an inappropriate implementation in the Payments component of Google Chrome and Microsoft Edge, which can lead to...

CVSS 8.8 · AI score 8.9 · EPSS 0.06295
Exploits: 4 · References: 107

CISA KEV Catalog · added 2024/08/23 12:00 a.m. · 357 views

Versa Director Dangerous File Type Upload Vulnerability

The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a...

CVSS 7.2 · AI score 6.9 · EPSS 0.04006
In wild · Exploits: 1

Positive Technologies · added 2024/08/23 12:00 a.m. · 3 views

PT-2025-46929

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.84. Description: A flaw exists in the Fullscreen implementation of Google Chrome. This issue could allow a remote attacker to perform UI spoofing through a specially designed HTML page. Recommendations...

CVSS 9.6 · AI score 7.5 · EPSS 0.19272
Exploits: 5 · References: 95