Search criteria
6 vulnerabilities
CVE-2025-12501 (GCVE-0-2025-12501)
Vulnerability from cvelistv5 – Published: 2025-10-31 14:10 – Updated: 2025-10-31 14:53
VLAI?
Summary
Integer overflow in GameMaker IDE below 2024.14.0 version can lead to can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() function in their projects are urged to update and recompile immediately.
Severity ?
7.5 (High)
CWE
- Integer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Opera Norway AS | GameMaker IDE |
Affected:
Below 2024.14.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T14:51:30.206399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T14:53:19.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GameMaker IDE",
"vendor": "Opera Norway AS",
"versions": [
{
"status": "affected",
"version": "Below 2024.14.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GameMaker IDE below 2024.14.0 version can lead to can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() function in their projects\u00a0 are urged to update and recompile immediately."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T14:10:19.919Z",
"orgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
"shortName": "Opera"
},
"references": [
{
"url": "https://blogs.opera.com/security/2025/10/gamemaker-security-update-cve-2025-12501/"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
"assignerShortName": "Opera",
"cveId": "CVE-2025-12501",
"datePublished": "2025-10-31T14:10:19.919Z",
"dateReserved": "2025-10-30T09:00:52.710Z",
"dateUpdated": "2025-10-31T14:53:19.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-6158 (GCVE-0-2020-6158)
Vulnerability from cvelistv5 – Published: 2025-02-21 13:30 – Updated: 2025-02-21 18:41
VLAI?
Summary
Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.
Severity ?
4.7 (Medium)
CWE
- Address bar spoofing (CWE-451)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Opera Mini for Android |
Affected:
Below 52.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-6158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T18:41:34.730982Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T18:41:43.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Opera Mini for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Below 52.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Address bar spoofing (CWE-451)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T13:32:04.346Z",
"orgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
"shortName": "Opera"
},
"references": [
{
"url": "https://security.opera.com/en/address-bar-spoofing-in-opera-mini-for-android-opera-security-advisories/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
"assignerShortName": "Opera",
"cveId": "CVE-2020-6158",
"datePublished": "2025-02-21T13:30:31.434Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2025-02-21T18:41:43.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23253 (GCVE-0-2021-23253)
Vulnerability from cvelistv5 – Published: 2021-01-11 15:43 – Updated: 2024-08-03 19:05
VLAI?
Summary
Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g. www.safe.opera.com…) The exact amount depends on the phone screen size but the attacker can craft a number of different domains and target different phones. Starting with version 53.1 Opera Mini displays long URLs with the top-level domain label aligned to the right of the address field which mitigates the issue.
Severity ?
No CVSS data available.
CWE
- Address bar spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Opera Mini for Android |
Affected:
Below 53.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.opera.com/address-bar-spoofing-in-opera-mini-opera-security-advisories/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opera Mini for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Below 53.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g. www.safe.opera.com\u2026) The exact amount depends on the phone screen size but the attacker can craft a number of different domains and target different phones. Starting with version 53.1 Opera Mini displays long URLs with the top-level domain label aligned to the right of the address field which mitigates the issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Address bar spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-11T15:43:01",
"orgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
"shortName": "Opera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.opera.com/address-bar-spoofing-in-opera-mini-opera-security-advisories/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@opera.com",
"ID": "CVE-2021-23253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opera Mini for Android",
"version": {
"version_data": [
{
"version_value": "Below 53.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g. www.safe.opera.com\u2026) The exact amount depends on the phone screen size but the attacker can craft a number of different domains and target different phones. Starting with version 53.1 Opera Mini displays long URLs with the top-level domain label aligned to the right of the address field which mitigates the issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Address bar spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.opera.com/address-bar-spoofing-in-opera-mini-opera-security-advisories/",
"refsource": "CONFIRM",
"url": "https://security.opera.com/address-bar-spoofing-in-opera-mini-opera-security-advisories/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
"assignerShortName": "Opera",
"cveId": "CVE-2021-23253",
"datePublished": "2021-01-11T15:43:01",
"dateReserved": "2021-01-08T00:00:00",
"dateUpdated": "2024-08-03T19:05:55.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6159 (GCVE-0-2020-6159)
Vulnerability from cvelistv5 – Published: 2020-12-23 15:08 – Updated: 2024-08-04 08:55
VLAI?
Summary
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (CWE-79)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Opera for Android |
Affected:
Below 61.0.3076.56532
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:21.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opera for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Below 61.0.3076.56532"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "URLs using \u201cjavascript:\u201d have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-23T15:08:58",
"orgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
"shortName": "Opera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@opera.com",
"ID": "CVE-2020-6159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opera for Android",
"version": {
"version_data": [
{
"version_value": "Below 61.0.3076.56532"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "URLs using \u201cjavascript:\u201d have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/",
"refsource": "MISC",
"url": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
"assignerShortName": "Opera",
"cveId": "CVE-2020-6159",
"datePublished": "2020-12-23T15:08:58",
"dateReserved": "2020-01-07T00:00:00",
"dateUpdated": "2024-08-04T08:55:21.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6157 (GCVE-0-2020-6157)
Vulnerability from cvelistv5 – Published: 2020-11-13 19:26 – Updated: 2024-08-04 08:55
VLAI?
Summary
Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.
Severity ?
No CVSS data available.
CWE
- Address bar spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Opera Touch for iOS |
Affected:
Below 2.4.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:22.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.opera.com/address-bar-spoofing-in-opera-touch-for-ios-opera-security-advisories/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opera Touch for iOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Below 2.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Address bar spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-13T19:26:16",
"orgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
"shortName": "Opera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.opera.com/address-bar-spoofing-in-opera-touch-for-ios-opera-security-advisories/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@opera.com",
"ID": "CVE-2020-6157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opera Touch for iOS",
"version": {
"version_data": [
{
"version_value": "Below 2.4.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Address bar spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.opera.com/address-bar-spoofing-in-opera-touch-for-ios-opera-security-advisories/",
"refsource": "MISC",
"url": "https://security.opera.com/address-bar-spoofing-in-opera-touch-for-ios-opera-security-advisories/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
"assignerShortName": "Opera",
"cveId": "CVE-2020-6157",
"datePublished": "2020-11-13T19:26:16",
"dateReserved": "2020-01-07T00:00:00",
"dateUpdated": "2024-08-04T08:55:22.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19788 (GCVE-0-2019-19788)
Vulnerability from cvelistv5 – Published: 2019-12-18 21:31 – Updated: 2024-08-05 02:25
VLAI?
Summary
Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context.
Severity ?
No CVSS data available.
CWE
- Bypass a restriction or similar
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Opera Software AS | Opera for Android |
Affected:
Below 54.0.2669.49432
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opera for Android",
"vendor": "Opera Software AS",
"versions": [
{
"status": "affected",
"version": "Below 54.0.2669.49432"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass a restriction or similar",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T21:31:10",
"orgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
"shortName": "Opera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@opera.com",
"ID": "CVE-2019-19788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opera for Android",
"version": {
"version_data": [
{
"version_value": "Below 54.0.2669.49432"
}
]
}
}
]
},
"vendor_name": "Opera Software AS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass a restriction or similar"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/",
"refsource": "MISC",
"url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
"assignerShortName": "Opera",
"cveId": "CVE-2019-19788",
"datePublished": "2019-12-18T21:31:10",
"dateReserved": "2019-12-13T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}