Total
170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6110 | 4 Netapp, Openbsd, Siemens and 1 more | 9 Element Software, Ontap Select Deploy, Storage Automation Store and 6 more | 2025-12-18 | 6.8 Medium |
| In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. | ||||
| CVE-2025-14020 | 2 Google, Linecorp | 2 Android, Line | 2025-12-18 | 5.4 Medium |
| LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when users return from another application, potentially allowing attackers to conduct phishing attacks by impersonating legitimate interfaces. | ||||
| CVE-2025-14021 | 2 Apple, Linecorp | 2 Ios, Line | 2025-12-18 | 4.3 Medium |
| The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content. | ||||
| CVE-2024-38082 | 1 Microsoft | 2 Edge, Edge Chromium | 2025-12-17 | 4.7 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-38093 | 1 Microsoft | 2 Edge, Edge Chromium | 2025-12-17 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2025-21253 | 1 Microsoft | 1 Edge | 2025-12-17 | 5.3 Medium |
| Microsoft Edge for IOS and Android Spoofing Vulnerability | ||||
| CVE-2025-21404 | 1 Microsoft | 1 Edge Chromium | 2025-12-17 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2025-21259 | 1 Microsoft | 1 Outlook | 2025-12-17 | 5.3 Medium |
| Microsoft Outlook Spoofing Vulnerability | ||||
| CVE-2025-46287 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 9.8 Critical |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An attacker may be able to spoof their FaceTime caller ID. | ||||
| CVE-2025-64667 | 1 Microsoft | 3 Exchange Server 2016, Exchange Server 2019, Exchange Server Se | 2025-12-17 | 5.3 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-62223 | 1 Microsoft | 1 Edge Chromium | 2025-12-17 | 4.3 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2024-23708 | 1 Google | 1 Android | 2025-12-16 | 9.8 Critical |
| In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-14019 | 2 Google, Linecorp | 2 Android, Line | 2025-12-15 | 3.4 Low |
| LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attackers to conduct phishing attacks. | ||||
| CVE-2024-38112 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-12-09 | 7.5 High |
| Windows MSHTML Platform Spoofing Vulnerability | ||||
| CVE-2025-9491 | 1 Microsoft | 2 Windows, Windows 11 23h2 | 2025-12-05 | 3.3 Low |
| Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373. | ||||
| CVE-2025-31266 | 1 Apple | 2 Macos, Safari | 2025-11-26 | 4.3 Medium |
| A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window. | ||||
| CVE-2025-12728 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2025-11-25 | 4.2 Medium |
| Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-13082 | 1 Drupal | 2 Drupal, Drupal Core | 2025-11-24 | 4.3 Medium |
| User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. | ||||
| CVE-2025-12911 | 1 Google | 1 Chrome | 2025-11-21 | 4.3 Medium |
| Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-11919 | 1 Google | 2 Android, Chrome | 2025-11-17 | 4.3 Medium |
| Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||