Lucene search
K

3813 matches found

Nuclei
Nuclei
added yesterday154 views

unilogies/bumsys < v2.0.2 - Clickjacking

This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2. id: CVE-2023-1362 info: name:...

8.4CVSS6.7AI score0.01411EPSS
Exploits1References4
Snyk
Snyk
added 2026/07/07 12:33 a.m.4 views

Improper Restriction of Rendered UI Layers or Frames

Overview ajenti is a Linux & BSD web admin panel. Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames through the lack of anti-framing protections in the HTTP response process. An attacker can trick users into interacting with a maliciously...

5.4CVSS6AI score0.00159EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 10:16 p.m.9 views

CVE-2026-38979

ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...

5.4CVSS0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-56023

Name of the Vulnerable Software and Affected Versions ajenti versions prior to 2.2.14 Description The browser-facing login and administrative UI contains a clickjacking weakness. This occurs because the core HTTP response path in ajenti-core/aj/http.py initializes an empty header list and finaliz...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/06 12:0 a.m.31 views

CVE-2026-38979

ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...

0.00159EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 12:0 a.m.7 views

CVE-2026-38979

Ajenti prior to version 2.2.14 is affected by a clickjacking weakness in the browser-facing login and administrative UI due to anti-framing protections missing in the HTTP response path (ajenti-core/aj/http.py). The vulnerability arises from initializing an empty header list, forwarding handler-a...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 12:0 a.m.2 views

CVE-2026-38979

ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 12:31 a.m.8 views

EUVD-2026-41466

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS5.6AI score0.00238EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 12:16 a.m.8 views

CVE-2026-54477

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 11:52 p.m.21 views

CVE-2026-54477

CVE-2026-54477 affects the Gardyn IoT Hub admin panel, where the absence of standard security headers allows clickjacking and cross-site scripting. The available data show an impact with low confidentiality and integrity impact (CVSS scores: 5.1/4.0 base metrics, MEDIUM), but no explicit details ...

5.4CVSS5.6AI score0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 11:52 p.m.52 views

CVE-2026-54477 Gardyn IoT Hub Improper Neutralization of HTTP Headers for Scripting Syntax

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS0.00238EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:52 p.m.7 views

CVE-2026-54477

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS5.8AI score0.00238EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 8:16 a.m.10 views

CVE-2026-12322

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue in the Widget: Gtk component...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.5 views

SUSE CVE-2026-12322

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References3
NVD
NVD
added 2026/06/16 1:16 p.m.14 views

CVE-2026-12322

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.4CVSS0.00165EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 1:16 p.m.5 views

UBUNTU-CVE-2026-12322

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/16 11:52 a.m.34 views

CVE-2026-12322 Clickjacking issue in the Widget: Gtk component

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

0.00165EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/16 11:52 a.m.11 views

EUVD-2026-37068

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.4CVSS5.2AI score0.00165EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 11:52 a.m.20 views

CVE-2026-12322

CVE-2026-12322 is a clickjacking vulnerability in the Gtk Widget component affecting Mozilla Firefox and Thunderbird. The issue, described across multiple sources, is due to a UI framing/embedding flaw that could enable deceptive UI interaction. Affected products were updated to mitigate the vuln...

5.4CVSS5.2AI score0.00165EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2026/06/16 11:52 a.m.8 views

CVE-2026-12322 Clickjacking issue in the Widget: Gtk component

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.00165EPSS
Exploits0References3
Rows per page
Query Builder