cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-6158,https://securityvulnerability.io/vulnerability/CVE-2020-6158,Address Bar Spoofing in Opera Mini for Android,"Opera Mini for Android prior to version 52.2 is susceptible to a significant vulnerability that enables address bar spoofing. In this scenario, a malicious website can manipulate the browser's interface, misleading users into believing they are on a legitimate page. Such deception can result in users inadvertently disclosing sensitive information, as they may not recognize the true origin of the page they are interacting with. This vulnerability underscores the importance of browser security in safeguarding user data from potential impersonation attacks.",Opera,Opera Mini For Android,4.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-21T13:30:31.434Z,0
CVE-2018-16135,https://securityvulnerability.io/vulnerability/CVE-2018-16135,Location Permission Spoofing Vulnerability in Opera Mini for Android,"A vulnerability in the Opera Mini application for Android allows malicious actors to manipulate the Location Permission dialog. By crafting a deceptive website, attackers can spoof user location permissions, leading to unauthorized access to geolocation data and potential exploitation of sensitive information. It is essential for users to remain vigilant and ensure their applications are updated to mitigate risks associated with such vulnerabilities.",Opera,Opera Mini,6.5,MEDIUM,0.0008500000112690032,false,,false,false,true,2020-03-21T18:41:51.000Z,true,false,false,,2022-12-26T00:00:00.000Z,0
CVE-2021-23253,https://securityvulnerability.io/vulnerability/CVE-2021-23253,Address Bar Spoofing Vulnerability in Opera Mini for Android,"A vulnerability in Opera Mini for Android allows a malicious attacker to exploit the left-aligned URL display feature in the address field. This flaw can lead to URL spoofing, where the user sees only part of a fraudulent URL, creating an illusion of safety. Attackers can craft deceptive URLs that appear legitimate, while the actual domain name is hidden, thereby increasing the risk of phishing and other malicious activities. The issue is resolved in version 53.1, where long URLs are displayed with the top-level domain label aligned to the right, minimizing this risk.",Opera,Opera Mini For Android,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2021-01-11T15:43:01.000Z,0
CVE-2020-6159,https://securityvulnerability.io/vulnerability/CVE-2020-6159,Cross-Site Scripting Vulnerability in Opera for Android,"This vulnerability in Opera for Android can allow users to be misled into executing cross-site scripting (XSS) attacks against themselves. Typically, URLs using the 'javascript:' protocol have their protocol removed to safeguard users from XSS risks. However, in specific scenarios, this protective measure fails, leaving users susceptible to social engineering tactics. Users are strongly advised to update their Opera for Android browser to the latest version to mitigate risks related to this flaw.",Opera,Opera For Android,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-12-23T15:08:58.000Z,0
CVE-2020-6157,https://securityvulnerability.io/vulnerability/CVE-2020-6157,Address Bar Spoofing Vulnerability in Opera Touch for iOS,"The vulnerability in Opera Touch for iOS prior to version 2.4.5 exposes users to an address bar spoofing attack. In this scenario, a malicious webpage can manipulate the browser's address bar to display a different URL, misleading users into believing they are on a legitimate website. This deception can result in sensitive information being unwittingly disclosed to attackers, posing significant risks to user privacy and data integrity.",Opera,Opera Touch For iOS,4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-11-13T19:26:16.000Z,0
CVE-2019-12278,https://securityvulnerability.io/vulnerability/CVE-2019-12278,Address Bar Spoofing Vulnerability in Opera Browser for Android,"Opera Browser versions up to 53 for Android are exposed to a vulnerability that enables address bar spoofing. The issue arises from the improper handling of several Unicode characters, which leads to a misrepresentation of URLs. When certain characters are rendered in a right-to-left order, a numerical IP address or alphabetic string might be displayed inaccurately, potentially deceiving users by showing a spoofed URL in the address bar. This vulnerability emphasizes the need for enhanced validation mechanisms within mobile browsers to safeguard users from phishing and other deceptive practices.",Opera,Opera,4.3,MEDIUM,0.001230000052601099,false,,false,false,false,,,false,false,,2020-03-12T21:48:40.000Z,0
CVE-2019-19788,https://securityvulnerability.io/vulnerability/CVE-2019-19788,Sandbox Bypass Vulnerability in Opera for Android by Opera Software,"A vulnerability exists in Opera for Android versions prior to 54.0.2669.49432, which allows attackers to exploit a sandboxed cross-origin iframe bypass. This issue enables an attacker to manipulate a service operating within a sandboxed iframe, circumventing the typical sandboxing restrictions. Consequently, it may result in unauthorized forced redirections without user consent, posing significant security risks for users.",Opera Software As,Opera For Android,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-12-18T21:31:10.000Z,0
CVE-2018-18913,https://securityvulnerability.io/vulnerability/CVE-2018-18913,DLL Search Order Hijacking in Opera Browser,"Opera Browser prior to version 57.0.3098.106 is susceptible to a DLL Search Order hijacking vulnerability. This flaw allows an attacker to craft a ZIP archive containing an HTML page paired with a malicious DLL file. When the compromised document is executed, the browser searches its system directory for the required DLLs—specifically shcore.dll and dcomp.dll. This behavior can inadvertently facilitate an attacker in executing arbitrary code, potentially leading to full system control. Users of affected versions are advised to update their browsers immediately to mitigate any security risks associated with this vulnerability.",Opera,Opera Browser,7.8,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2019-03-21T21:06:16.000Z,0
CVE-2018-6608,https://securityvulnerability.io/vulnerability/CVE-2018-6608,,"In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.",Opera,Opera Browser,4.3,MEDIUM,0.0016899999463930726,false,,false,false,false,,,false,false,,2018-03-28T21:00:00.000Z,0
CVE-2016-4075,https://securityvulnerability.io/vulnerability/CVE-2016-4075,,"Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.",Opera,"Opera Mini,Opera Browser",6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2017-04-21T02:11:00.000Z,0
CVE-2016-6908,https://securityvulnerability.io/vulnerability/CVE-2016-6908,,"Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL. It was noticed that by placing neutral characters such as ""/"", ""?"" in filepath causes the URL to be flipped and displayed from Right To Left. However, in order for the URL to be spoofed the URL must begin with an IP address followed by neutral characters as omnibox considers IP address to be combination of punctuation and numbers and since LTR (Left To Right) direction is not properly enforced, this causes the entire URL to be treated and rendered from RTL (Right To Left). However, it doesn't have be an IP address, what matters is that first strong character (generally, alphabetic character) in the URL must be an RTL character.",Opera,Opera Browser,6.1,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2017-01-26T15:00:00.000Z,0
CVE-2016-7152,https://securityvulnerability.io/vulnerability/CVE-2016-7152,,"The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a ""HEIST"" attack.",Opera,Opera,5.3,MEDIUM,0.004629999864846468,false,,false,false,false,,,false,false,,2016-09-06T10:00:00.000Z,0
CVE-2016-5101,https://securityvulnerability.io/vulnerability/CVE-2016-5101,,Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message.,Opera,Opera Mail,8.8,HIGH,0.01916000060737133,false,,false,false,false,,,false,false,,2016-06-29T14:00:00.000Z,0
CVE-2014-1870,https://securityvulnerability.io/vulnerability/CVE-2014-1870,,Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.,Opera,Opera Browser,,,0.0013099999632686377,false,,false,false,false,,,false,false,,2014-02-06T23:55:00.000Z,0
CVE-2014-0815,https://securityvulnerability.io/vulnerability/CVE-2014-0815,,"The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.",Opera,Opera Browser,,,0.0021699999924749136,false,,false,false,false,,,false,false,,2014-02-06T22:00:00.000Z,0
CVE-2013-4705,https://securityvulnerability.io/vulnerability/CVE-2013-4705,,Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.,Opera,Opera Browser,,,0.0019199999514967203,false,,false,false,false,,,false,false,,2013-09-13T14:10:00.000Z,0
CVE-2013-3211,https://securityvulnerability.io/vulnerability/CVE-2013-3211,,"Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a ""moderately severe issue.""",Opera,Opera Browser,,,0.0021699999924749136,false,,false,false,false,,,false,false,,2013-04-19T11:44:00.000Z,0
CVE-2013-3210,https://securityvulnerability.io/vulnerability/CVE-2013-3210,,"Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.",Opera,Opera Browser,,,0.0017600000137463212,false,,false,false,false,,,false,false,,2013-04-19T11:44:00.000Z,0
CVE-2013-1618,https://securityvulnerability.io/vulnerability/CVE-2013-1618,,"The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.",Opera,Opera Browser,,,0.00343000004068017,false,,false,false,false,,,false,false,,2013-02-08T19:00:00.000Z,0
CVE-2013-1639,https://securityvulnerability.io/vulnerability/CVE-2013-1639,,"Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.",Opera,Opera Browser,,,0.0015699999639764428,false,,false,false,false,,,false,false,,2013-02-08T11:00:00.000Z,0
CVE-2013-1638,https://securityvulnerability.io/vulnerability/CVE-2013-1638,,Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.,Opera,Opera Browser,,,0.7988899946212769,false,,false,false,false,,,false,false,,2013-02-08T11:00:00.000Z,0
CVE-2013-1637,https://securityvulnerability.io/vulnerability/CVE-2013-1637,,Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.,Opera,Opera Browser,,,0.10713999718427658,false,,false,false,false,,,false,false,,2013-02-08T11:00:00.000Z,0
CVE-2012-6461,https://securityvulnerability.io/vulnerability/CVE-2012-6461,,The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service.,Opera,Opera Browser,,,0.0019199999514967203,false,,false,false,false,,,false,false,,2013-01-02T11:46:00.000Z,0
CVE-2012-6464,https://securityvulnerability.io/vulnerability/CVE-2012-6464,,Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins.,Opera,Opera Browser,,,0.0013200000394135714,false,,false,false,false,,,false,false,,2013-01-02T11:46:00.000Z,0
CVE-2012-6465,https://securityvulnerability.io/vulnerability/CVE-2012-6465,,Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.,Opera,Opera Browser,,,0.022339999675750732,false,,false,false,false,,,false,false,,2013-01-02T11:46:00.000Z,0