14 matches found
CVE-2018-25336 jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details...
USN-8220-1: HtmlUnit vulnerability
It was discovered that HtmlUnit was vulnerable to remote code execution via XSLT when browsing an attacker-controlled webpage. An attacker could possibly use this issue to execute arbitrary code in the context of the application using HtmlUnit...
SAP NetWeaver AS ABAP Open Redirect (3692004)
The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by an open redirect vulnerability as referenced in the SAP Security Patch Day April 2026: - Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker...
GHSA-QWXP-6QF9-WR4M PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation
The /download endpoint validates only the initial URL provided by the user using validateDownloadURL to prevent requests to internal or private network addresses. Exploitation requires `security.allowDownload=true`, which is disabled by default. However, pages loaded by the embedded Chromium brows...
CVE-2025-64387
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login...
EUVD-2025-37353
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login...
CVE-2025-64387
CVE-2025-64387 is a documented clickjacking vulnerability described across multiple feeds (NVD/Red Hat/CIRCL etc.). The core issue is UI deception via embedding the vulnerable page in an attacker‑controlled page, potentially prompting users to click or enter credentials. NVD notes a CVSS v4.0 bas...
EUVD-2019-15021
Malware in sbrugna...
CVE-2022-30562
If the user enables the HTTPS function on the device, an attacker can modify the user's request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the HTTP request results in a 302 redirect to an attacker-controlled page...
Design/Logic Flaw
If the user enables the HTTPS function on the device, an attacker can modify the user's request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the HTTP request results in a 302 redirect to an attacker-controlled page...
Sylius Security Vulnerability
Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. Sylius has a security vulnerability that stems from the possibility that an attacker-controlled page could load the website in an iframe. This would enable a clickjacking attack where an...
Apache Knox SSO Cross-Site Scripting Vulnerability
Knox SSO is the Apache Foundation's web UI single sign-on feature for your cluster. A security vulnerability exists in Apache Knox SSO that stems from a URL parsing error that could allow crafted requests to redirect users to a malicious page. A request containing a specially crafted request paramete...
TCMAN GIM Open Redirect Vulnerability
TCMAN GIM is facility management software designed for use on mobile devices. TCMAN GIM contains an open redirection vulnerability that could be exploited by an attacker to redirect users to an attacker-controlled page and obtain information...
Brave Software: application/x-brave-tab should not be readable.
Summary: It is possible to read a dragged tab object if the user is coerced into dragging and dropping it onto an attacker-controlled page. This is bad because tab history is contained within the object, so information leaks are possible through this trick. Products affected: Brave: 0.18.14 rev:...