Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3800 matches found

CVE
CVEadded 2020/09/24 3:20 p.m.32 views

CVE-2020-13119

CVE-2020-13119 affects ismartgate PRO 1.5.9. Connected documents describe a clickjacking vulnerability that could enable remote attackers to trick users and potentially access sensitive information. The materials do not specify the exact root cause in code terms, additional affected components be...

8.1CVSS8AI score0.00834EPSS
Exploits1References2Affected Software1
Veracode
Veracodeadded 2020/09/24 10:39 a.m.34 views

Clickjacking Attack

Node.js is vulnerable to clickjacking. An attacker can perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the...

7.4CVSS1.5AI score0.05093EPSS
Exploits0References7Affected Software3
Veracode
Veracodeadded 2020/09/21 6:20 a.m.18 views

Clickjacking

firefox is vulnerable to clickjacking. An attacker can position a custom cursor over the address bar to spoof the actual cursor to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. This...

4.3CVSS4AI score0.00737EPSS
Exploits1References2Affected Software2
OSV
OSVadded 2020/09/18 9:15 p.m.28 views

CVE-2020-8201

Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...

7.4CVSS6.4AI score
Exploits0References6
OSV
OSVadded 2020/09/18 9:15 p.m.2 views

DEBIAN-CVE-2020-8201

Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...

7.4CVSS6.3AI score0.05093EPSS
Exploits0References1
OSV
OSVadded 2020/09/18 9:15 p.m.2 views

ALPINE-CVE-2020-8201

Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...

7.4CVSS6.9AI score0.05093EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2020/09/18 9:15 p.m.29 views

CVE-2020-8201

Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...

7.4CVSS6.8AI score0.05093EPSS
Exploits0References4
Prion
Prionadded 2020/09/18 9:15 p.m.36 views

Design/Logic Flaw

Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...

5.8CVSS7.1AI score0.05093EPSS
Exploits0References6Affected Software3
AlpineLinux
AlpineLinuxadded 2020/09/18 8:12 p.m.46 views

CVE-2020-8201

Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...

7.4CVSS7.4AI score0.05093EPSS
Exploits0
Debian CVE
Debian CVEadded 2020/09/18 8:12 p.m.30 views

CVE-2020-8201

Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...

7.4CVSS5.9AI score0.05093EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2020/09/16 12:0 a.m.9 views

PT-2020-5068 · Node.Js +6 · Node.Js +6

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 12.18.4 Node.js versions prior to 14.11 Description: The issue is related to an error in processing HTTP header names, which can be exploited by a remote attacker to gain access to protected information or elevate...

9.8CVSS6.7AI score0.77385EPSS
Exploits31References213
Hacker One
Hacker Oneadded 2020/09/03 3:30 p.m.13 views

Mail.ru: Clickjacking Vulnerability via https://profile.my.games/gamecenter/profile/ can lead to sensitive cross site actions (Bypass X-Frame-Options)

Clickjacking attack could allow to force user to change profile settings on profile.my.games...

1.8AI score
Exploits0
RedHat Linux
RedHat Linuxadded 2020/09/02 9:47 a.m.2 views

keycloak: security headers missing on REST endpoints

A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...

5.8CVSS5.8AI score0.00764EPSS
Exploits0References4
Hacker One
Hacker Oneadded 2020/08/31 1:45 p.m.78 views

Acronis: Clickjacking on cas.acronis.com login page

Steps To Reproduce: Create a new HTML file Source code: I Frame Clickjacking Vulnerability Save the file as whatever.html Open document in browser Reference: https://hackerone.com/reports/591432 FIX- The vulnerability can be fixed by adding "frame-ancestors 'self';" to the CSP...

0.3AI score
Exploits0
CNVD
CNVDadded 2020/08/25 12:0 a.m.1 views

IBM Security Guardium Insights Clickjacking Vulnerability

IBM Security Guardium Insights is a modern hybrid cloud data security hub designed to provide a reliable view of an organization's data security and compliance posture. A clickjacking vulnerability exists in IBM Security Guardium Insights 2.0.1. A remote attacker could exploit this vulnerability ...

5.4CVSS6.7AI score0.00637EPSS
Exploits0References1
Hacker One
Hacker Oneadded 2020/08/23 7:35 a.m.63 views

Yelp: Clickjacking lead to remove review

Steps To Reproduce: 1. Open iframe F960017 2. You can remove reviews from this iframe Impact Clickjacking lead to remove reviews...

3.8AI score
Exploits0
CNVD
CNVDadded 2020/08/20 12:0 a.m.1 views

IBM Planning Analytics Clickjacking Vulnerability

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A clickjacking vulnerability exists in IBM Planning Analytics version 2.0.x. The vulnerability ste...

6.8CVSS6.7AI score0.00707EPSS
Exploits0References1
RedHat Linux
RedHat Linuxadded 2020/08/18 4:34 p.m.1 views

keycloak: security headers missing on REST endpoints

A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...

5.8CVSS5.8AI score0.00764EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2020/08/18 4:25 p.m.1 views

keycloak: security headers missing on REST endpoints

A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...

5.8CVSS5.8AI score0.00764EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2020/08/18 4:24 p.m.1 views

keycloak: security headers missing on REST endpoints

A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...

5.8CVSS5.8AI score0.00764EPSS
Exploits0References4
Rows per page
Query Builder