Lucene search
K

84 matches found

Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-38979

ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...

0.00159EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Web-accessible extension pages pages with a moz-extension:// scheme did not correctly enforce the frame-ancestors directive when it was used in the Web Extension’s Content Security Policy. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

8.8CVSS6.7AI score0.00743EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.5 views

CVE-2025-62328

HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...

3.7CVSS5.8AI score0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/12 12:31 a.m.6 views

EUVD-2025-208603

HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...

3.7CVSS5.8AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2026/03/11 10:16 p.m.7 views

CVE-2025-62328

HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...

3.7CVSS0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 10:4 p.m.6 views

CVE-2025-62328 HCL Nomad server on Domino is affected by a missing default frame-ancestors directive

HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...

3.7CVSS5.8AI score0.00244EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 10:4 p.m.3 views

CVE-2025-62328

HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...

3.7CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/11 10:4 p.m.27 views

CVE-2025-62328 HCL Nomad server on Domino is affected by a missing default frame-ancestors directive

HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...

3.7CVSS0.00244EPSS
Exploits0References1
CVE
CVE
added 2026/03/11 10:4 p.m.13 views

CVE-2025-62328

CVE-2025-62328 affects HCL Nomad server on Domino where the Content-Security-Policy header does not set the frame-ancestors directive by default. This may allow an attacker to obtain sensitive information via unspecified vectors. The CVSS v3.1 base score is 3.7 (LOW) with NETWORK attack vector, H...

3.7CVSS5.8AI score0.00244EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24860

HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...

3.7CVSS5.8AI score0.00244EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

HCL Nomad Server 安全漏洞

HCL Nomad Server is a server component operated by the Indian company HCL, designed for running enterprise business applications. There is a security vulnerability in HCL Nomad Server on Domino. This vulnerability stems from an improper configuration of the frame-ancestors directive in the...

3.7CVSS5.8AI score0.00244EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 12:1 a.m.25 views

CVE-2026-24839

CVE-2026-24839 affects Dokploy (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to clickjacking due to missing frame-busting headers, allowing an attacker to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Vers...

6.1CVSS5.9AI score0.00199EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/17 8:27 p.m.6 views

CVE-2026-23731

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...

4.3CVSS6.5AI score0.00272EPSS
Exploits1References1
NVD
NVD
added 2026/01/16 8:15 p.m.8 views

CVE-2026-23731

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...

4.3CVSS0.00272EPSS
Exploits1References3
OSV
OSV
added 2026/01/16 7:50 p.m.4 views

CVE-2026-23731 WeGIA Clickjacking Vulnerability

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...

4.3CVSS6.4AI score0.00272EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/16 7:50 p.m.3 views

CVE-2026-23731

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...

4.3CVSS5.5AI score0.00272EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/16 7:50 p.m.7 views

CVE-2026-23731 WeGIA Clickjacking Vulnerability

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...

4.3CVSS6.2AI score0.00272EPSS
Exploits1References3
CVE
CVE
added 2026/01/16 7:50 p.m.14 views

CVE-2026-23731

CVE-2026-23731 affects the WeGIA web manager for charitable institutions. Prior to version 3.6.2, the application is vulnerable to clickjacking because it does not send framing protections: missing X-Frame-Options and an unconfigured Content-Security-Policy with frame-ancestors. An attacker could...

4.3CVSS6.2AI score0.00272EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/01/16 7:50 p.m.26 views

CVE-2026-23731 WeGIA Clickjacking Vulnerability

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...

4.3CVSS0.00272EPSS
Exploits1References3
OSV
OSV
added 2026/01/05 6:15 p.m.5 views

CVE-2025-65922

PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to Phishing attacks. Attackers can frame the legitimate Planka applicati...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References2
Rows per page
Query Builder