Total
146 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49755 | 2 Google, Microsoft | 2 Android, Edge | 2025-09-17 | 4.3 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-43327 | 1 Apple | 2 Macos, Safari | 2025-09-17 | 6.5 Medium |
| The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing. | ||||
| CVE-2025-10290 | 2 Apple, Mozilla | 2 Ios, Focus For Ios | 2025-09-17 | 6.5 Medium |
| Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS < 143.0. | ||||
| CVE-2025-29825 | 1 Microsoft | 1 Edge Chromium | 2025-09-10 | 6.5 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-21262 | 1 Microsoft | 1 Edge Chromium | 2025-09-09 | 5.4 Medium |
| User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network | ||||
| CVE-2025-21314 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-09-09 | 6.5 Medium |
| Windows SmartScreen Spoofing Vulnerability | ||||
| CVE-2025-9867 | 1 Google | 2 Android, Chrome | 2025-09-04 | 5.4 Medium |
| Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-9865 | 1 Google | 2 Android, Chrome | 2025-09-04 | 5.4 Medium |
| Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-9491 | 1 Microsoft | 2 Windows, Windows 11 23h2 | 2025-09-03 | 7.8 High |
| Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373. | ||||
| CVE-2025-32371 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 4.3 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4. | ||||
| CVE-2024-39730 | 1 Ibm | 2 Datacap, Datacap Navigator | 2025-08-24 | 5.4 Medium |
| IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | ||||
| CVE-2025-8364 | 2 Google, Mozilla | 2 Android, Firefox | 2025-08-21 | 4.3 Medium |
| A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 141. | ||||
| CVE-2025-9183 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-08-21 | 6.5 Medium |
| Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2. | ||||
| CVE-2025-9186 | 2 Google, Mozilla | 2 Android, Firefox | 2025-08-21 | 6.5 Medium |
| Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox < 142. | ||||
| CVE-2025-8041 | 2 Google, Mozilla | 2 Android, Firefox | 2025-08-21 | 5.3 Medium |
| In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141. | ||||
| CVE-2024-55896 | 1 Ibm | 1 I | 2025-08-19 | 5.4 Medium |
| IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system. | ||||
| CVE-2024-55889 | 2 Phpmyfaq, Thorsten | 2 Phpmyfaq, Phpmyfaq | 2025-08-14 | 4.9 Medium |
| phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue. | ||||
| CVE-2024-9163 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 3.5 Low |
| A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs. | ||||
| CVE-2025-8583 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-08 | 4.3 Medium |
| Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-43228 | 1 Apple | 4 Ios, Ipados, Iphone Os and 1 more | 2025-08-04 | 4.3 Medium |
| The issue was addressed with improved UI. This issue is fixed in iOS 18.6 and iPadOS 18.6, Safari 18. 6. Visiting a malicious website may lead to address bar spoofing. | ||||