CVE-2025-5067

MEDIUM Year: 2025
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-290
View all →

Vulnerability Description

Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Related Vulnerabilities

CVE-2018-8153

MEDIUM
CVSS:5.4(Medium)

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsof...

CWE-2902018

CVE-2020-1331

MEDIUM
CVSS:5.4(Medium)

A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Mana...

CWE-2902020

CVE-2021-41130

MEDIUM
CVSS:5.4(Medium)

Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT clai...

CWE-2902021

CVE-2023-27964

MEDIUM
CVSS:5.4(Medium)

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previou...

CWE-2902023

CVE-2024-21494

MEDIUM
CVSS:5.4(Medium)

All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can sp...

CWE-2902024