
3797 matches found

Veracode
added 2019/05/02 4:42 a.m., 32 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...

CVSS 10, AI score 8.2, EPSS 0.73327
Exploits 4, References 29, Affected Software 3

Veracode
added 2019/05/02 4:42 a.m., 26 views

Spoofing Vulnerability

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...

CVSS 10, AI score 8.2, EPSS 0.73327
Exploits 4, References 29, Affected Software 3

Veracode
added 2019/05/02 4:42 a.m., 29 views

Use-After-Free (UAF)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...

CVSS 10, AI score 8.2, EPSS 0.73327
Exploits 4, References 33, Affected Software 3

Veracode
added 2019/05/02 4:42 a.m., 17 views

Spoofing Vulnerability

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...

CVSS 10, AI score 8.2, EPSS 0.73327
Exploits 4, References 25, Affected Software 2

Veracode
added 2019/05/02 4:42 a.m., 24 views

Denial Of Service (DoS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...

CVSS 10, AI score 8.2, EPSS 0.73327
Exploits 4, References 29, Affected Software 3

Veracode
added 2019/05/02 4:42 a.m., 17 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...

CVSS 10, AI score 8.2, EPSS 0.73327
Exploits 4, References 29, Affected Software 3

IBM Security Bulletins
added 2019/04/29 10:25 p.m., 16 views

Security Bulletin: IBM API Connect is affected by a clickjacking vulnerability (CVE-2018-2015)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2015 DESCRIPTION: IBM API Connect could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could explo...

CVSS 6.4, AI score 1.6, EPSS 0.01595
Exploits 0, Affected Software 1

CNVD
added 2019/04/09 12:0 a.m., 7 views

Synology SSO Server Clickjacking Vulnerability

Synology SSO Server is a server software from Synology Inc. of Taiwan, China that provides single sign-on functionality. A security vulnerability exists in the SSOOauth.cgi file in Synology SSO Server versions prior to 2.1.3-0129. A remote attacker can conduct clickjacking attacks via unspecified...

CVSS 7.1, AI score 6.8, EPSS 0.01075
Exploits 0, References 1

CNVD
added 2019/04/08 12:0 a.m., 1 view

IBM Spectrum Protect Clickjacking Vulnerability

IBM Spectrum Protect formerly known as Tivoli Storage Manager is a suite of data protection platforms from IBM in the United States. The platform provides organizations with a single point of control and management, and supports backup and recovery for virtual, physical and cloud environments of...

CVSS 6.1, AI score 6.5, EPSS 0.01183
Exploits 0, References 1

Hacker One
added 2019/04/06 11:37 a.m., 34 views

Passit: URL is vulnerable to clickjacking https://app.passit.io/

URLs do not have X-FRAME-OPTIONS set to DENY or SAMEORIGIN, and they are vulnerable to clickjacking. Reproduce steps: 1. enter your credentials and click on stay logged into this device then login 2. Run under the browser's code and you will see that the listed links are vulnerable to clickjackin...

AI score 0.6
Exploits 0

IBM Security Bulletins
added 2019/04/02 3:30 p.m., 72 views

Security Bulletin: IBM Spectrum Protect Client Web Interface is vulnerable to a clickjacking attack (CVE-2018-1853)

Summary The IBM Spectrum Protect formerly Tivoli Storage Manager Backup-Archive Client Web interface is vulnerable to a clickjacking attack that could allow a remote attacker to hijack the clicking action of the victim. Vulnerability Details CVEID: CVE-2018-1853 DESCRIPTION: IBM Tivoli Storage...

CVSS 6.1, AI score 1.9, EPSS 0.01183
Exploits 0, Affected Software 2

Symantec
added 2019/04/02 12:0 a.m., 36 views

IBM Spectrum Protect CVE-2018-1853 Clickjacking Vulnerability

Description IBM Spectrum Protect is prone to a clickjacking vulnerability. Successful exploits will allow an authenticated attacker to compromise the affected application or obtain sensitive information. Other attacks are also possible. Technologies Affected IBM Spectrum Protect Backup-Archive...

CVSS 4.3, AI score 0.5, EPSS 0.01183
Exploits 0, Affected Software 1

OSV
added 2019/04/01 3:29 p.m., 0 views

CVE-2017-16775

Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVSS 6.1, AI score 5.8
Exploits 0, References 1

Prion
added 2019/04/01 3:29 p.m., 16 views

Input validation

Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVSS 5.8, AI score 6.2, EPSS 0.01075
Exploits 0, References 1, Affected Software 1

NVD
added 2019/04/01 3:29 p.m., 18 views

CVE-2017-16775

Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVSS 7.1, AI score 6.8, EPSS 0.01075
Exploits 0, References 1

CVE
added 2019/04/01 2:25 p.m., 42 views

CVE-2017-16775

CVE-2017-16775 affects Synology SSO Server prior to 2.1.3-0129 via the SSOOauth.cgi component, where improper restriction of rendered UI layers or frames enables remote clickjacking. Exploitation details/vectors are not specified in the provided documents. Impact is described as allowing a clickj...

CVSS 7.1, AI score 6.2, EPSS 0.01075
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/04/01 2:25 p.m., 21 views

CVE-2017-16775

Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVSS 7.1, AI score 6.9, EPSS 0.01075
Exploits 0, References 1

OSV
added 2019/02/28 6:29 p.m., 2 views

CVE-2018-18496

When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. Note: This issue only affects Windows operating...

CVSS 8.8, AI score 5.7, EPSS 0.01179
Exploits 0, References 3

NVD
added 2019/02/28 6:29 p.m., 12 views

CVE-2018-18496

When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. Note: This issue only affects Windows operating...

CVSS 8.8, AI score 8.1, EPSS 0.01179
Exploits 0, References 3

Prion
added 2019/02/28 6:29 p.m., 22 views

Code injection

When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. Note: This issue only affects Windows operating...

CVSS 6.8, AI score 8.3, EPSS 0.01179
Exploits 0, References 3, Affected Software 1