CVE-2025-1939

LOW Year: 2025
CVSS v3 Score
3.9
Low
Weakness Type
CWE-359
View all →

Vulnerability Description

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136.

Related Vulnerabilities

CVE-2023-44255

MEDIUM
CVSS:4.1(Medium)

An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged ...

CWE-3592023

CVE-2024-29888

MEDIUM
CVSS:4.2(Medium)

Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the...

CWE-3592024

CVE-2022-46168

LOW
CVSS:3.5(Low)

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email c...

CWE-3592022

CVE-2023-1936

MEDIUM
CVSS:4.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, wh...

CWE-3592023

CVE-2023-26041

MEDIUM
CVSS:4.3(Medium)

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they w...

CWE-3592023

CVE-2023-34085

MEDIUM
CVSS:4.3(Medium)

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request

CWE-3592023