cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-6158,https://securityvulnerability.io/vulnerability/CVE-2020-6158,Address Bar Spoofing in Opera Mini for Android,"Opera Mini for Android prior to version 52.2 is susceptible to a significant vulnerability that enables address bar spoofing. In this scenario, a malicious website can manipulate the browser's interface, misleading users into believing they are on a legitimate page. Such deception can result in users inadvertently disclosing sensitive information, as they may not recognize the true origin of the page they are interacting with. This vulnerability underscores the importance of browser security in safeguarding user data from potential impersonation attacks.",Opera,Opera Mini For Android,4.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-21T13:30:31.434Z,0
CVE-2024-41988,https://securityvulnerability.io/vulnerability/CVE-2024-41988,Unprotected Endpoint Allows for Malicious Code Execution,TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.,TEM Opera Plus FM Family Transmitter,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-03T18:15:00.000Z,0
CVE-2024-41987,https://securityvulnerability.io/vulnerability/CVE-2024-41987,Vulnerability in Family Transmitter Application Interface Allows Admin Access with Malicious Web Requests,The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.,TEM Opera Plus FM Family Transmitter,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-03T18:15:00.000Z,0
CVE-2018-16135,https://securityvulnerability.io/vulnerability/CVE-2018-16135,Location Permission Spoofing Vulnerability in Opera Mini for Android,"A vulnerability in the Opera Mini application for Android allows malicious actors to manipulate the Location Permission dialog. By crafting a deceptive website, attackers can spoof user location permissions, leading to unauthorized access to geolocation data and potential exploitation of sensitive information. It is essential for users to remain vigilant and ensure their applications are updated to mitigate risks associated with such vulnerabilities.",Opera,Opera Mini,6.5,MEDIUM,0.0008500000112690032,false,,false,false,true,2020-03-21T18:41:51.000Z,true,false,false,,2022-12-26T00:00:00.000Z,0
CVE-2021-23253,https://securityvulnerability.io/vulnerability/CVE-2021-23253,Address Bar Spoofing Vulnerability in Opera Mini for Android,"A vulnerability in Opera Mini for Android allows a malicious attacker to exploit the left-aligned URL display feature in the address field. This flaw can lead to URL spoofing, where the user sees only part of a fraudulent URL, creating an illusion of safety. Attackers can craft deceptive URLs that appear legitimate, while the actual domain name is hidden, thereby increasing the risk of phishing and other malicious activities. The issue is resolved in version 53.1, where long URLs are displayed with the top-level domain label aligned to the right, minimizing this risk.",Opera,Opera Mini For Android,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2021-01-11T15:43:01.000Z,0
CVE-2020-6159,https://securityvulnerability.io/vulnerability/CVE-2020-6159,Cross-Site Scripting Vulnerability in Opera for Android,"This vulnerability in Opera for Android can allow users to be misled into executing cross-site scripting (XSS) attacks against themselves. Typically, URLs using the 'javascript:' protocol have their protocol removed to safeguard users from XSS risks. However, in specific scenarios, this protective measure fails, leaving users susceptible to social engineering tactics. Users are strongly advised to update their Opera for Android browser to the latest version to mitigate risks related to this flaw.",Opera,Opera For Android,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-12-23T15:08:58.000Z,0
CVE-2020-6157,https://securityvulnerability.io/vulnerability/CVE-2020-6157,Address Bar Spoofing Vulnerability in Opera Touch for iOS,"The vulnerability in Opera Touch for iOS prior to version 2.4.5 exposes users to an address bar spoofing attack. In this scenario, a malicious webpage can manipulate the browser's address bar to display a different URL, misleading users into believing they are on a legitimate website. This deception can result in sensitive information being unwittingly disclosed to attackers, posing significant risks to user privacy and data integrity.",Opera,Opera Touch For iOS,4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-11-13T19:26:16.000Z,0
CVE-2019-12278,https://securityvulnerability.io/vulnerability/CVE-2019-12278,Address Bar Spoofing Vulnerability in Opera Browser for Android,"Opera Browser versions up to 53 for Android are exposed to a vulnerability that enables address bar spoofing. The issue arises from the improper handling of several Unicode characters, which leads to a misrepresentation of URLs. When certain characters are rendered in a right-to-left order, a numerical IP address or alphabetic string might be displayed inaccurately, potentially deceiving users by showing a spoofed URL in the address bar. This vulnerability emphasizes the need for enhanced validation mechanisms within mobile browsers to safeguard users from phishing and other deceptive practices.",Opera,Opera,4.3,MEDIUM,0.001230000052601099,false,,false,false,false,,,false,false,,2020-03-12T21:48:40.000Z,0
CVE-2019-19788,https://securityvulnerability.io/vulnerability/CVE-2019-19788,Sandbox Bypass Vulnerability in Opera for Android by Opera Software,"A vulnerability exists in Opera for Android versions prior to 54.0.2669.49432, which allows attackers to exploit a sandboxed cross-origin iframe bypass. This issue enables an attacker to manipulate a service operating within a sandboxed iframe, circumventing the typical sandboxing restrictions. Consequently, it may result in unauthorized forced redirections without user consent, posing significant security risks for users.",Opera Software As,Opera For Android,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-12-18T21:31:10.000Z,0
CVE-2019-18624,https://securityvulnerability.io/vulnerability/CVE-2019-18624,File Download Vulnerability in Opera Mini for Android,"Opera Mini for Android has a critical vulnerability that allows attackers to bypass protections against the download and installation of malicious .apk files. By exploiting a Right to Left Override (RTLO) attack technique, an attacker can disguise harmful files, misrepresenting them to the user and the system. This misinterpretation can lead to the inadvertent installation of malware, as seen in affected versions including 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214. Users need to be aware of such vulnerabilities to protect against unauthorized file installations.",Opera,Mini,9.8,CRITICAL,0.01119999960064888,false,,false,false,false,,,false,false,,2019-10-29T17:12:22.000Z,0
CVE-2019-13607,https://securityvulnerability.io/vulnerability/CVE-2019-13607,User Experience Cross-Site Scripting Vulnerability in Opera Mini for iOS,"The Opera Mini application for iOS, up to version 16.0.14, is susceptible to a User Experience Cross-Site Scripting (UXSS) vulnerability. This issue allows attackers to execute arbitrary JavaScript in the context of a user’s session by navigating to a specially crafted `javascript:` URL. Such vulnerabilities can lead to unauthorized data access and compromise user security.",Opera,Mini,6.1,MEDIUM,0.0013000000035390258,false,,false,false,false,,,false,false,,2019-07-18T14:42:59.000Z,0
CVE-2018-18913,https://securityvulnerability.io/vulnerability/CVE-2018-18913,,"Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed.",Opera,Opera Browser,7.8,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2019-03-21T21:06:16.000Z,0
CVE-2018-6608,https://securityvulnerability.io/vulnerability/CVE-2018-6608,,"In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.",Opera,Opera Browser,4.3,MEDIUM,0.0016899999463930726,false,,false,false,false,,,false,false,,2018-03-28T21:00:00.000Z,0
CVE-2016-4075,https://securityvulnerability.io/vulnerability/CVE-2016-4075,,"Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.",Opera,"Opera Mini,Opera Browser",6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2017-04-21T02:11:00.000Z,0
CVE-2016-6908,https://securityvulnerability.io/vulnerability/CVE-2016-6908,,"Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL. It was noticed that by placing neutral characters such as ""/"", ""?"" in filepath causes the URL to be flipped and displayed from Right To Left. However, in order for the URL to be spoofed the URL must begin with an IP address followed by neutral characters as omnibox considers IP address to be combination of punctuation and numbers and since LTR (Left To Right) direction is not properly enforced, this causes the entire URL to be treated and rendered from RTL (Right To Left). However, it doesn't have be an IP address, what matters is that first strong character (generally, alphabetic character) in the URL must be an RTL character.",Opera,Opera Browser,6.1,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2017-01-26T15:00:00.000Z,0
CVE-2016-7152,https://securityvulnerability.io/vulnerability/CVE-2016-7152,,"The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a ""HEIST"" attack.",Opera,Opera,5.3,MEDIUM,0.004629999864846468,false,,false,false,false,,,false,false,,2016-09-06T10:00:00.000Z,0
CVE-2016-5101,https://securityvulnerability.io/vulnerability/CVE-2016-5101,,Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message.,Opera,Opera Mail,8.8,HIGH,0.01916000060737133,false,,false,false,false,,,false,false,,2016-06-29T14:00:00.000Z,0
CVE-2014-1870,https://securityvulnerability.io/vulnerability/CVE-2014-1870,,Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.,Opera,Opera Browser,,,0.0013099999632686377,false,,false,false,false,,,false,false,,2014-02-06T23:55:00.000Z,0
CVE-2014-0815,https://securityvulnerability.io/vulnerability/CVE-2014-0815,,"The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.",Opera,Opera Browser,,,0.0021699999924749136,false,,false,false,false,,,false,false,,2014-02-06T22:00:00.000Z,0
CVE-2013-4705,https://securityvulnerability.io/vulnerability/CVE-2013-4705,,Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.,Opera,Opera Browser,,,0.0019199999514967203,false,,false,false,false,,,false,false,,2013-09-13T14:10:00.000Z,0
CVE-2013-3210,https://securityvulnerability.io/vulnerability/CVE-2013-3210,,"Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.",Opera,Opera Browser,,,0.0017600000137463212,false,,false,false,false,,,false,false,,2013-04-19T11:44:00.000Z,0
CVE-2013-3211,https://securityvulnerability.io/vulnerability/CVE-2013-3211,,"Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a ""moderately severe issue.""",Opera,Opera Browser,,,0.0021699999924749136,false,,false,false,false,,,false,false,,2013-04-19T11:44:00.000Z,0
CVE-2013-1618,https://securityvulnerability.io/vulnerability/CVE-2013-1618,,"The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.",Opera,Opera Browser,,,0.00343000004068017,false,,false,false,false,,,false,false,,2013-02-08T19:00:00.000Z,0
CVE-2013-1639,https://securityvulnerability.io/vulnerability/CVE-2013-1639,,"Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.",Opera,Opera Browser,,,0.0015699999639764428,false,,false,false,false,,,false,false,,2013-02-08T11:00:00.000Z,0
CVE-2013-1638,https://securityvulnerability.io/vulnerability/CVE-2013-1638,,Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.,Opera,Opera Browser,,,0.7988899946212769,false,,false,false,false,,,false,false,,2013-02-08T11:00:00.000Z,0