Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29825 | 2025-05-10 | 6.5 Medium | ||
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-4086 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-05-09 | 6.5 Medium |
| A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138. | ||||
| CVE-2025-29796 | 2025-05-06 | 4.7 Medium | ||
| User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2022-3313 | 1 Google | 1 Chrome | 2025-05-06 | 6.5 Medium |
| Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-38112 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-05 | 7.5 High |
| Windows MSHTML Platform Spoofing Vulnerability | ||||
| CVE-2024-30055 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 5.4 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-38197 | 1 Microsoft | 1 Teams | 2025-05-02 | 6.5 Medium |
| Microsoft Teams for iOS Spoofing Vulnerability | ||||
| CVE-2022-38163 | 1 F-secure | 1 Safe | 2025-05-02 | 3.5 Low |
| A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar. | ||||
| CVE-2025-46394 | 2025-04-29 | 3.2 Low | ||
| In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. | ||||
| CVE-2022-23646 | 1 Vercel | 1 Next.js | 2025-04-23 | 5.9 Medium |
| Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, change `next.config.js` to use a different `loader configuration` other than the default. | ||||
| CVE-2022-39258 | 1 Mailcow | 1 Mailcow\ | 2025-04-22 | 8.1 High |
| mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server. | ||||
| CVE-2025-0446 | 1 Google | 1 Chrome | 2025-04-21 | 4.3 Medium |
| Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2025-3074 | 1 Google | 1 Chrome | 2025-04-21 | 5.4 Medium |
| Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-3073 | 1 Google | 1 Chrome | 2025-04-21 | 5.4 Medium |
| Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-3072 | 1 Google | 1 Chrome | 2025-04-21 | 5.4 Medium |
| Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-0435 | 1 Google | 2 Android, Chrome | 2025-04-21 | 6.5 Medium |
| Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2016-9473 | 1 Brave | 1 Browser | 2025-04-20 | 4.7 Medium |
| Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names. | ||||
| CVE-2016-9468 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | N/A |
| Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. | ||||
| CVE-2016-9467 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | N/A |
| Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. | ||||
| CVE-2016-9460 | 2 Nextcloud, Owncloud | 2 Nextcloud, Owncloud | 2025-04-20 | N/A |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. | ||||