3816 matches found
unilogies/bumsys < v2.0.2 - Clickjacking
This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2. id: CVE-2023-1362 info: name:...
CVE-2026-44767
setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...
Improper Restriction of Rendered UI Layers or Frames
Overview ajenti is a Linux & BSD web admin panel. Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames through the lack of anti-framing protections in the HTTP response process. An attacker can trick users into interacting with a maliciously...
CVE-2026-38979
ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...
PT-2026-56023
Name of the Vulnerable Software and Affected Versions ajenti versions prior to 2.2.14 Description The browser-facing login and administrative UI contains a clickjacking weakness. This occurs because the core HTTP response path in ajenti-core/aj/http.py initializes an empty header list and finaliz...
CVE-2026-38979
ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...
CVE-2026-38979
ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...
CVE-2026-38979
Ajenti prior to version 2.2.14 is affected by a clickjacking weakness in the browser-facing login and administrative UI due to anti-framing protections missing in the HTTP response path (ajenti-core/aj/http.py). The vulnerability arises from initializing an empty header list, forwarding handler-a...
EUVD-2026-41466
The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...
CVE-2026-54477
The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...
CVE-2026-54477
CVE-2026-54477 affects the Gardyn IoT Hub admin panel, where the absence of standard security headers allows clickjacking and cross-site scripting. The available data show an impact with low confidentiality and integrity impact (CVSS scores: 5.1/4.0 base metrics, MEDIUM), but no explicit details ...
CVE-2026-54477 Gardyn IoT Hub Improper Neutralization of HTTP Headers for Scripting Syntax
The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...
CVE-2026-54477
The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...
CVE-2026-12322
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue in the Widget: Gtk component...
Astra Linux – Vulnerability in Firefox
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
SUSE CVE-2026-12322
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12322
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
UBUNTU-CVE-2026-12322
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12322 Clickjacking issue in the Widget: Gtk component
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
EUVD-2026-37068
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...