CVE-2024-13066 iFrame Injection in Akinsoft's LimonDesk
Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking. This issue affects LimonDesk: from s1.02.14 before v1.02.17...
LimonDesk Security Vulnerability
LimonDesk is a real-time chat, work order ticketing, and other features from LimonDesk Turkey. A security vulnerability exists in LimonDesk s1.02.14 through versions prior to v1.02.17, which stems from an improperly restricted rendering UI layer or frame, which could lead to iframe overrides a...
PT-2025-35714
Name of the Vulnerable Software and Affected Versions: Akinsoft LimonDesk versions s1.02.14 through s1.02.16 Description: An improper restriction of rendered UI layers or frames issue exists in Akinsoft LimonDesk, allowing for iFrame overlay and clickjacking attacks CAPEC - 103. Recommendations:...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a clickjacking/overwriting attack in finishTransition of Transition.java. An attacker can exploit this vulnerability to gain elevated privileges on...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher privileges on the system...
Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page
Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an authentication bypass vulnerability in its software. The high-severity issue, which is yet to be assigned a CVE identifier, has been addressed in...
IBM Cognos Command Center Clickjacking Vulnerability
IBM Cognos Command Center is a solution for automating business processes that simplifies operational complexity across multiple software environments by allowing users to view, execute and monitor automated processes through a single interface. A clickjacking vulnerability exists in IBM Cognos...
CVE-2025-1494 IBM Cognos Command Center clickjacking
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attack...
Security Bulletin: Multiple vulnerabilities in IBM Cognos Command Center
Summary There are vulnerabilities in IBM® Semeru Java™ used by IBM Cognos Command Center. Additionally, IBM Cognos Command Center is vulnerable to Open redirection, Clickjacking and Arbitrary code execution vulnerabilities. This Security Bulletin relates only to the direct usage of third-party...
IBM Cognos Command Center Security Vulnerability
IBM Cognos Command Center is a solution for automating business processes that simplifies operational complexity across multiple software environments by allowing users to view, execute and monitor automated processes through a single interface. A clickjacking vulnerability exists in IBM Cognos...
⚡ Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More
Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the upper hand. For leaders, this means defense isn't just a matter of firewalls and patches—it's about strategy. The strongest...
A week in security (August 18 – August 24)
Last week on Malwarebytes Labs: Clickjack attack steals password managers’ secrets Grok chats show up in Google searches All Apple users should update after company patches zero-day vulnerability in all platforms Google settles YouTube lawsuit over kids’ privacy invasion and data collection...
Linux Distros Unpatched Vulnerability : CVE-2017-6504
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking. CVE-2017-6504 Note that Nessus relies o...
Clickjack attack steals password managers’ secrets
Sometimes it can seem as though everything's toxic online, and the latest good thing turned bad is here: Browser pop-ups that look like they're trying to help or authenticate you could be programmed to steal data from your password manager. To make matters worse, most browser extension-based...
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft
Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions. The technique has been dubbed Documen...
Linux Distros Unpatched Vulnerability : CVE-2025-5267
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in...
Linux Distros Unpatched Vulnerability : CVE-2020-26962
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in...
Linux Distros Unpatched Vulnerability : CVE-2021-29987
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still...
Linux Distros Unpatched Vulnerability : CVE-2025-6434
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker ...