Total
156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3859 | 1 Mozilla | 1 Firefox Focus | 2025-05-12 | N/A | 6.1 MEDIUM |
|
Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus < 138.
|
|||||
| CVE-2025-4086 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-05-09 | N/A | 6.5 MEDIUM |
|
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog.
*This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138.
|
|||||
| CVE-2022-3313 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 6.5 MEDIUM |
|
Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-38163 | 1 F-secure | 1 Safe | 2025-05-02 | N/A | 3.5 LOW |
|
A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar.
|
|||||
| CVE-2025-0446 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
|
|||||
| CVE-2025-3074 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 5.4 MEDIUM |
|
Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-3073 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 5.4 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-3072 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 5.4 MEDIUM |
|
Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-0435 | 1 Google | 2 Android, Chrome | 2025-04-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2016-9473 | 1 Brave | 1 Browser | 2025-04-20 | 4.3 MEDIUM | 4.7 MEDIUM |
|
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.
|
|||||
| CVE-2016-9467 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
|
|||||
| CVE-2016-9468 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.
|
|||||
| CVE-2016-9460 | 2 Nextcloud, Owncloud | 2 Nextcloud, Owncloud | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
|
|||||
| CVE-2017-0888 | 1 Nextcloud | 2 Nextcloud, Nextcloud Server | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.
|
|||||
| CVE-2022-20530 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.3 MEDIUM |
|
In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645
|
|||||
| CVE-2022-26383 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-16 | N/A | 4.3 MEDIUM |
|
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
|
|||||
| CVE-2022-22762 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-16 | N/A | 4.3 MEDIUM |
|
Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97.
|
|||||
| CVE-2022-34479 | 2 Linux, Mozilla | 4 Linux Kernel, Firefox, Firefox Esr and 1 more | 2025-04-15 | N/A | 6.5 MEDIUM |
|
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
|
|||||
| CVE-2022-45404 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 6.5 MEDIUM |
|
Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
|
|||||
| CVE-2025-0451 | 1 Google | 1 Chrome | 2025-04-08 | N/A | 6.3 MEDIUM |
|
Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
|
|||||
| CVE-2025-1922 | 1 Google | 2 Android, Chrome | 2025-04-01 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-2631 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-29 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-4950 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-28 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-54558 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-27 | N/A | 2.8 LOW |
|
A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library.
|
|||||
| CVE-2023-0700 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-0130 | 1 Google | 2 Android, Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-6610 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-03-18 | N/A | 4.3 MEDIUM |
|
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
|
|||||
| CVE-2023-2938 | 1 Google | 1 Chrome | 2025-03-18 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-8909 | 2 Apple, Google | 2 Iphone Os, Chrome | 2025-03-17 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-38313 | 1 Mozilla | 1 Firefox | 2025-03-14 | N/A | 4.3 MEDIUM |
|
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127.
|
|||||
| CVE-2024-6999 | 1 Google | 1 Chrome | 2025-03-14 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-5698 | 1 Mozilla | 1 Firefox | 2025-03-14 | N/A | 6.1 MEDIUM |
|
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127.
|
|||||
| CVE-2023-2937 | 1 Google | 1 Chrome | 2025-03-11 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-2941 | 1 Google | 1 Chrome | 2025-03-11 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)
|
|||||
| CVE-2025-21259 | 1 Microsoft | 1 Outlook | 2025-02-28 | N/A | 5.3 MEDIUM |
|
Microsoft Outlook Spoofing Vulnerability
|
|||||
| CVE-2025-21253 | 1 Microsoft | 1 Edge | 2025-02-11 | N/A | 5.3 MEDIUM |
|
Microsoft Edge for IOS and Android Spoofing Vulnerability
|
|||||
| CVE-2025-21404 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 4.3 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2025-21262 | 1 Microsoft | 1 Edge Chromium | 2025-02-07 | N/A | 5.4 MEDIUM |
|
User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network
|
|||||
| CVE-2025-21314 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-01-27 | N/A | 6.5 MEDIUM |
|
Windows SmartScreen Spoofing Vulnerability
|
|||||
| CVE-2025-0729 | 2025-01-27 | 5.0 MEDIUM | 4.3 MEDIUM | ||
|
A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.
|
|||||