CVE-2025-27455 CVE-2025-27455

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...

CVE-2025-27455 CVE-2025-27455

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...

CVE-2025-27455

CVE-2025-27455 is linked to a clickjacking vulnerability in Endress+Hauser MEAC300-FNADE4 web interface (end-user frame embedding allowed). Connected sources confirm the affected product and vulnerability class but do not provide a confirmed patch/version fix; one PT-SEC source notes no available...

CVE-2025-53096

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...

Endress+Hauser MEAC300-FNADE4 安全漏洞

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4, which can be exploited by attackers to conduct clickjacking attacks...

ROS-20250703-08

A vulnerability in the Thunderbird email client is related to incorrect processing of the p2-from header. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks Vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to...

AlmaLinux 9 : thunderbird (ALSA-2025:8607)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:8607 advisory. firefox: thunderbird: Out-of-bounds access when resolving Promise objects CVE-2025-4918 firefox: thunderbird: Out-of-bounds access when optimizing linear...

PT-2025-27784 · Endress+Hauser · Endress+Hauser Meac300-Fnade4

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The web application is susceptible to clickjacking attacks, where it can be embedded into another frame. This allows an attacker to deceive a user into clicking on something different from...

Security Vulnerabilities fixed in Thunderbird 140 — Mozilla

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...

CVE-2025-53096

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...

CVE-2025-53096 Sunshine clickjacking in the UI leads to unauthorized actions being performed

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...

CVE-2025-53096 Sunshine clickjacking in the UI leads to unauthorized actions being performed

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...

CVE-2025-53096

Summary: CVE-2025-53096 affects Sunshine, a self-hosted game stream host for Moonlight. The issue is a lack of Clickjacking protection in Sunshine’s web UI prior to version 2025.628.4510, allowing an attacker to embed the UI in a malicious page via an invisible or disguised iframe. If a user, whi...

CVE-2025-53096 Sunshine clickjacking in the UI leads to unauthorized actions being performed

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...

Sunshine 安全漏洞

Sunshine is an open source self-service game streaming host for Moonlight by LizardByte. A security vulnerability exists in versions prior to Sunshine 2025.628.4510, which stems from a lack of clickjacking protection in the web UI and could lead to unauthorized actions...

PT-2025-27501 · Sunshine · Sunshine

Name of the Vulnerable Software and Affected Versions: Sunshine versions prior to 2025.628.4510 Description: The issue concerns a lack of protection against clickjacking attacks in the web interface of Sunshine, a self-hosted game stream host for Moonlight. This allows an attacker to embed the...

CVE-2025-36027 IBM Datacap clickjacking

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against...

CVE-2025-36027 IBM Datacap clickjacking

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against...

CVE-2025-36027

CVE-2025-36027 affects IBM Datacap 9.1.7–9.1.9. Description and Red Hat/IBM bulletin confirm a clickjacking issue where a remote attacker could exploit a malicious site to hijack the victim’s click actions (CWE-1021). Impact is UI interaction manipulation with potential for follow-on attacks; CVS...

CVE-2024-39730 IBM Datacap clickjacking

IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attack...