355 matches found

CVE
added 2025/07/16 8:10 p.m. · 28 views

CVE-2025-6983

CVE-2025-6983 affects TP-Link Archer C1200 web management, with a clickjacking flaw in versions 1.1.5 and earlier. An attacker could trick a logged-in user into performing unintended actions via layered UI/frames. No exploitation details are provided in the initial and connected documents, but mu...

CVSS 5.1 · AI score 7.1 · EPSS 0.00392
Exploits 0 · References 1

Vulnrichment
added 2025/07/16 8:10 p.m. · 3 views

CVE-2025-6983 Clickjacking vulnerability on the management web application of TP-LINK Archer C1200

A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames. This issue affects Archer C1200 = 1.1.5...

CVSS 5.1 · AI score 7.1 · EPSS 0.00392
Exploits 0 · References 1

Cvelist
added 2025/07/16 8:10 p.m. · 8 views

CVE-2025-6983 Clickjacking vulnerability on the management web application of TP-LINK Archer C1200

A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames. This issue affects Archer C1200 = 1.1.5...

CVSS 5.1 · EPSS 0.00392
Exploits 0 · References 1

CNNVD
added 2025/07/16 12:0 a.m. · 6 views

TP-LINK Archer C1200 Security Vulnerability

TP-LINK Archer C1200 is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK Archer C1200 version 1.1.5 and earlier, which stems from a clickjacking risk that could cause users to perform unintended actions...

CVSS 5.1 · AI score 4.9 · EPSS 0.00392
Exploits 0 · References 1

Positive Technologies
added 2025/07/16 12:0 a.m. · 2 views

PT-2025-29878 · Tp Link · Archer C1200

Name of the Vulnerable Software and Affected Versions: TP-Link Archer C1200 versions prior to 1.1.6 Description: A clickjacking issue exists in the web management page of the TP-Link Archer C1200. This allows an attacker to deceive users into performing actions they did not intend through the...

CVSS 5.1 · AI score 6.3 · EPSS 0.00392
Exploits 0 · References 5

RedhatCVE
added 2025/07/05 12:4 p.m. · 10 views

CVE-2025-27455

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...

CVSS 4.3 · AI score 6.2 · EPSS 0.00274
Exploits 0 · References 1

NVD
added 2025/07/03 12:15 p.m. · 3 views

CVE-2025-27455

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...

CVSS 6.1 · EPSS 0.00274
Exploits 0 · References 6

Cvelist
added 2025/07/03 11:30 a.m. · 6 views

CVE-2025-27455

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...

CVSS 4.3 · EPSS 0.00274
Exploits 0 · References 6

Vulnrichment
added 2025/07/03 11:30 a.m. · 2 views

CVE-2025-27455

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...

CVSS 4.3 · AI score 6.9 · EPSS 0.00274
Exploits 0 · References 6

CVE
added 2025/07/03 11:30 a.m. · 22 views

CVE-2025-27455

CVE-2025-27455 is linked to a clickjacking vulnerability in Endress+Hauser MEAC300-FNADE4 web interface (end-user frame embedding allowed). Connected sources confirm the affected product and vulnerability class but do not provide a confirmed patch/version fix; one PT-SEC source notes no available...

CVSS 6.1 · AI score 6.3 · EPSS 0.00274
Exploits 0 · References 6 · Affected Software 1

RedhatCVE
added 2025/07/03 2:22 a.m. · 10 views

CVE-2025-53096

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...

CVSS 6.1 · AI score 7.1 · EPSS 0.00211
Exploits 0 · References 1

Positive Technologies
added 2025/07/03 12:0 a.m. · 2 views

PT-2025-27784 · Endress+Hauser · Endress+Hauser Meac300-Fnade4

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The web application is susceptible to clickjacking attacks, where it can be embedded into another frame. This allows an attacker to deceive a user into clicking on something different from...

CVSS 4.3 · AI score 6.3 · EPSS 0.00274
Exploits 0 · References 9

CVE
added 2025/07/01 1:33 a.m. · 26 views

CVE-2025-53096

Summary: CVE-2025-53096 affects Sunshine, a self-hosted game stream host for Moonlight. The issue is a lack of Clickjacking protection in Sunshine’s web UI prior to version 2025.628.4510, allowing an attacker to embed the UI in a malicious page via an invisible or disguised iframe. If a user, whi...

CVSS 6.1 · AI score 7 · EPSS 0.00211
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2025/07/01 1:33 a.m. · 8 views

CVE-2025-53096 Sunshine clickjacking in the UI leads to unauthorized actions being performed

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...

CVSS 5.4 · EPSS 0.00211
Exploits 0 · References 2

Vulnrichment
added 2025/06/28 12:51 a.m. · 4 views

CVE-2025-36027 IBM Datacap clickjacking

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against...

CVSS 5.4 · AI score 7 · EPSS 0.00195
Exploits 0 · References 1

Cvelist
added 2025/06/28 12:36 a.m. · 7 views

CVE-2024-39730 IBM Datacap clickjacking

IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attack...

CVSS 5.4 · EPSS 0.00199
Exploits 0 · References 1

Vulnrichment
added 2025/06/24 12:28 p.m. · 2 views

CVE-2025-6434 HTTPS-Only exception screen lacked anti-clickjacking delay

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140 and Thunderbird 1...

AI score 5.8 · EPSS 0.00229
Exploits 0 · References 3

Cvelist
added 2025/06/24 12:28 p.m. · 10 views

CVE-2025-6434 HTTPS-Only exception screen lacked anti-clickjacking delay

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140 and Thunderbird 1...

EPSS 0.00229
Exploits 0 · References 3

CNVD
added 2025/06/23 12:0 a.m. · 1 views

SAP Commerce Information Disclosure Vulnerability

SAP Commerce is a cloud-based e-commerce solution developed by SAP. An information disclosure vulnerability exists in SAP Commerce, which stems from the use of the deprecated X-FRAME-OPTIONS header to prevent clickjacking, and can be exploited by an attacker to disclose and tamper with sensitive...

CVSS 6.8 · AI score 5.6 · EPSS 0.00298
Exploits 0 · References 1

Tenable Nessus
added 2025/06/17 12:0 a.m. · 10 views

RHEL 8 : firefox (RHSA-2025:9155)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:9155 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx:...

CVSS 8.1 · AI score 7.1 · EPSS 0.00493
Exploits 0 · References 16