CVE-2026-38978

Transmission up to version 4.1.1 is reported to have a clickjacking weakness in the browser-facing WebUI and RPC response paths. The provided documents do not specify the root cause, affected components beyond WebUI/RPC paths, or available remediations. No exploitation details are given. Monitor ...

Security Bulletin: IBM Integration Bus for z/OS webui is potentially vulnerable to an clickjacking attack ( CVE-2026-1353 )

Summary IBM Integration Bus for z/OS webui is potentially vulnerable to an clickjacking attack. Vulnerability Details CVEID:CVE-2026-1353 DESCRIPTION: IBM App Connect Enterprise could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious...

CVE-2025-58405

The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into...

CVE-2026-27511

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

CVE-2026-27511

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

CVE-2026-27511

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

PT-2026-21529

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The web-based administrative interface does not set the X-Frame-Options header, which allows an attacker to embed administrative pages in an iframe. This can tri...

CVE-2026-24839 Dokploy has a clickjacking vulnerability - Missing X-Frame-Options and CSP frame-ancestors headers

Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...

CVE-2026-23731

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...

CVE-2026-23731

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...

CVE-2026-23731 WeGIA Clickjacking Vulnerability

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...

CVE-2025-52987

CVE-2025-52987 is a clickjacking vulnerability in Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) caused by the web portal failing to set proper X-Frame-Options and X-Content-Type headers. Affected are all Paragon Automation versions prior to 24.1.1. Practical impact described...

CVE-2025-52987 Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation Pathfinder, Planner, Insights due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting wit...

PT-2026-3103

Name of the Vulnerable Software and Affected Versions Juniper Networks Paragon Automation Pathfinder, Planner, Insights versions prior to 24.1.1 Description A clickjacking issue exists in the web portal of Juniper Networks Paragon Automation Pathfinder, Planner, Insights. This is due to the...

MiracleLinux 7 : firefox-128.11.0-1.0.1.el7.AXS7 (AXSA:2025-9973:18)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9973:18 advisory. firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details CVE-2025-5267 firefox: thunderbird: Potential...

CVE-2020-10951

Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages...

CVE-2025-36149 IBM Concert Software clickjacking

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim...

Circutor TCPRS1plus 安全漏洞

Circutor TCPRS1plus is a communication converter from Circutor Spain. Circutor TCPRS1plus suffers from a security vulnerability that stems from susceptibility to clickjacking attacks...

EUVD-2015-4137

Malware in sbrugna...

EUVD-2013-2614

Malware in sbrugna...