Total
449 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-28478 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-02-28 | 7.6 High |
Microsoft SharePoint Server Spoofing Vulnerability | ||||
CVE-2021-26418 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-02-28 | 4.6 Medium |
Microsoft SharePoint Server Spoofing Vulnerability | ||||
CVE-2023-38173 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 4.3 Medium |
Microsoft Edge for Android Spoofing Vulnerability | ||||
CVE-2023-36883 | 1 Microsoft | 1 Edge | 2025-02-28 | 4.3 Medium |
Microsoft Edge for iOS Spoofing Vulnerability | ||||
CVE-2023-36769 | 1 Microsoft | 1 Onenote | 2025-02-28 | 4.6 Medium |
Microsoft OneNote Spoofing Vulnerability | ||||
CVE-2023-35392 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 4.7 Medium |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
CVE-2023-29334 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 4.3 Medium |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
CVE-2023-24935 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 6.1 Medium |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
CVE-2023-24892 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 8.2 High |
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | ||||
CVE-2023-21794 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 4.3 Medium |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
CVE-2021-31209 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 6.5 Medium |
Microsoft Exchange Server Spoofing Vulnerability | ||||
CVE-2021-31195 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 6.5 Medium |
Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
CVE-2022-48349 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | 9.1 Critical |
The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability. | ||||
CVE-2020-6158 | 2025-02-21 | 4.7 Medium | ||
Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data. | ||||
CVE-2023-0816 | 1 Strategy11 | 1 Formidable Form Builder | 2025-02-19 | 6.5 Medium |
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. | ||||
CVE-2025-25055 | 2025-02-18 | N/A | ||
Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4.0.0, which may lead to user impersonation. If exploited, restricted file contents may be accessed. | ||||
CVE-2024-3843 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 4.6 Medium |
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2024-34145 | 2 Jenkins, Redhat | 2 Script Security, Ocp Tools | 2025-02-13 | 8.8 High |
A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | ||||
CVE-2024-23832 | 1 Joinmastodon | 1 Mastodon | 2025-02-13 | 9.4 Critical |
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5. | ||||
CVE-2023-48396 | 2025-02-13 | 9.1 Critical | ||
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue. |