CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

NVD•added 2026/03/02 12:16 p.m.•2 views

CVE-2025-58405

The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into...

6.1CVSS0.00036EPSS

Exploits0References2

Cvelist•added 2026/03/02 11:16 a.m.•17 views

CVE-2025-58405 Lack of protection mechanisms against Clickjacking attacks

5.3CVSS0.00036EPSS

Exploits0References2

ATTACKERKB•added 2026/01/15 1:8 p.m.•2 views

CVE-2026-22918

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...

8.2CVSS5.5AI score0.00025EPSS

Exploits0References7

Cvelist•added 2026/01/15 1:8 p.m.•24 views

CVE-2026-22918

4.3CVSS0.00025EPSS

Exploits0References6

Positive Technologies•added 2026/01/15 12:0 a.m.•1 views

PT-2026-2999

Name of the Vulnerable Software and Affected Versions affected versions not specified Description An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, potentially leading to the extraction of...

4.3CVSS6.3AI score0.00025EPSS

Exploits0References8

Positive Technologies•added 2025/12/15 12:0 a.m.•4 views

PT-2025-51235

Name of the Vulnerable Software and Affected Versions Convercent Whistleblowing Platform versions affected versions not specified Description The application exhibits a protection mechanism failure in browser and session handling. It lacks essential HTTP security headers, including...

6.9CVSS6.2AI score0.00075EPSS

Exploits0References8

EUVD•added 2025/10/30 9:30 p.m.•1 views

EUVD-2024-28045

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended...

6.1CVSS6.4AI score0.00353EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2017-2924

Malware in sbrugna...

6.1CVSS7.2AI score0.00448EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-3969

Malicious code in bioql PyPI...

6.8CVSS6.5AI score0.00096EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-49987

Malicious code in bioql PyPI...

6.1CVSS5.4AI score0.00138EPSS

Exploits0References1

The Hacker News•added 2025/08/29 9:58 a.m.•2 views

Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page

Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an authentication bypass vulnerability in its software. The high-severity issue, which is yet to be assigned a CVE identifier, has been addressed in...

7.5CVSS7.8AI score0.00121EPSS

Exploits1

Brave Browser•added 2025/08/06 7:25 a.m.•3 views

Brave Desktop 1.81.131 Security Fixes

Added clickjacking protection on DDNS interstitials as reported on HackerOne by newfunction. - Fixed inactive split view tab displaying a permission prompt as reported on HackerOne by frozzipies. Upgraded Chromium to 139.0.7258.66 — refer to Google Chrome advisories for inherited CVEs...

5.8AI score

Exploits0References3Affected Software1

Brave Browser•added 2025/08/06 7:25 a.m.•7 views

Brave Android 1.81.131 Security Fixes

Added clickjacking protection on DDNS interstitials as reported on HackerOne by newfunction. Upgraded Chromium to 139.0.7258.66 — refer to Google Chrome advisories for inherited CVEs...

5.8AI score

Exploits0References2Affected Software1

CNNVD•added 2025/07/01 12:0 a.m.•1 views

Sunshine 安全漏洞

Sunshine is an open source self-service game streaming host for Moonlight by LizardByte. A security vulnerability exists in versions prior to Sunshine 2025.628.4510, which stems from a lack of clickjacking protection in the web UI and could lead to unauthorized actions...

6.1CVSS6.4AI score0.0019EPSS

Exploits0References4

NVD•added 2025/02/11 1:15 a.m.•2 views

CVE-2025-24874

SAP Commerce Backoffice uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header in favor of the frame-ancestors CSP directive. Hence,...

6.8CVSS0.00096EPSS

Exploits0References2

OSV•added 2024/06/28 6:15 a.m.•0 views

CVE-2024-30109

6.1CVSS5.8AI score0.00353EPSS

Exploits0References1

NVD•added 2024/06/28 6:15 a.m.•10 views

CVE-2024-30109

6.1CVSS0.00353EPSS

Exploits0References1

CVE•added 2024/06/28 5:40 a.m.•37 views

CVE-2024-30109

The CVE-2024-30109 entry concerns HCL DRYiCE AEX: the AEX web application lacks clickjacking protection, enabling an attacker to present layered transparent/opaque frames to lure a user into clicking a control on a different page. Affected component: AEX web application. Root cause: missing prote...

6.1CVSS4.1AI score0.00353EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/06/28 5:40 a.m.•25 views

CVE-2024-30109 Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10

3.7CVSS0.00353EPSS

Exploits0References1

NVD•added 2024/02/10 4:15 a.m.•13 views

CVE-2023-45698

Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks...

6.1CVSS5.1AI score0.00138EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by