Lucene search
+L

3827 matches found

NVD
NVD
added 5 hours ago5 views

CVE-2026-21762

HCL DevOps Loop is affected by missing HTTP security headers. Missing security headers may reduce browser protections against common web-based attacks such as clickjacking, MIME-type sniffing, and cross-site scripting...

3.7CVSS
Exploits0References1
Cvelist
Cvelist
added 5 hours ago9 views

CVE-2026-21762 Missing HTTP Security Headers in DevOps Loop

HCL DevOps Loop is affected by missing HTTP security headers. Missing security headers may reduce browser protections against common web-based attacks such as clickjacking, MIME-type sniffing, and cross-site scripting...

3.7CVSS
Exploits0References1
CVE
CVE
added 5 hours ago10 views

CVE-2026-21762

Technical details are not publicly available in the provided documents. Monitor for updates.

3.7CVSS4.7AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago5 views

EUVD-2026-45232

HCL DevOps Loop is affected by missing HTTP security headers. Missing security headers may reduce browser protections against common web-based attacks such as clickjacking, MIME-type sniffing, and cross-site scripting...

3.7CVSS4.7AI score
Exploits0References1
NVD
NVD
added 8 hours ago5 views

CVE-2024-23570

HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forger...

4.3CVSS
Exploits0References1
CVE
CVE
added 8 hours ago7 views

CVE-2024-23570

CVE-2024-23570 affects HCL Aftermarket EPC and describes a clickjacking/Cross-Frame Scripting risk. The CVSSv3.1 base score is 4.3 (Medium) with network attack vector, low attack complexity, no privileges required, user interaction required. Impact notes indicate confidentiality and availability ...

4.3CVSS5.3AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 8 hours ago3 views

CVE-2024-23570

HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forger...

4.3CVSS5.2AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added 8 hours ago9 views

CVE-2024-23570

HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forger...

4.3CVSS
Exploits0References1
EUVD
EUVD
added 8 hours ago5 views

EUVD-2024-55671

HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forger...

4.3CVSS5.2AI score
Exploits0References1
Nuclei
Nuclei
added 18 hours ago155 views

unilogies/bumsys < v2.0.2 - Clickjacking

This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2. id: CVE-2023-1362 info: name:...

8.4CVSS7.1AI score0.01411EPSS
Exploits1References4
NVD
NVD
added 3 days ago8 views

CVE-2026-44767

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS0.00181EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 12:33 a.m.4 views

Improper Restriction of Rendered UI Layers or Frames

Overview ajenti is a Linux & BSD web admin panel. Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames through the lack of anti-framing protections in the HTTP response process. An attacker can trick users into interacting with a maliciously...

5.4CVSS6AI score0.00159EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 10:16 p.m.9 views

CVE-2026-38979

ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...

5.4CVSS0.00159EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 12:0 a.m.8 views

CVE-2026-38979

ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...

5.9AI score0.00159EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/06 12:0 a.m.32 views

CVE-2026-38979

ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...

0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-56023

Name of the Vulnerable Software and Affected Versions ajenti versions prior to 2.2.14 Description The browser-facing login and administrative UI contains a clickjacking weakness. This occurs because the core HTTP response path in ajenti-core/aj/http.py initializes an empty header list and finaliz...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References7
CVE
CVE
added 2026/07/06 12:0 a.m.9 views

CVE-2026-38979

Ajenti prior to version 2.2.14 is affected by a clickjacking weakness in the browser-facing login and administrative UI due to anti-framing protections missing in the HTTP response path (ajenti-core/aj/http.py). The vulnerability arises from initializing an empty header list, forwarding handler-a...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 12:0 a.m.3 views

CVE-2026-38979

ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 12:31 a.m.9 views

EUVD-2026-41466

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS5.6AI score0.00238EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 12:16 a.m.9 views

CVE-2026-54477

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS0.00238EPSS
Exploits0References3
Rows per page
Query Builder