CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

512 matches found

Github Security Blog•added 2026/06/08 11:8 p.m.•8 views

nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)

None of the response paths in internal/web/ or internal/api/ set the standard browser-security headers. grep for Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy returns zero matches across the codebase. Impact The admin UI signs CA...

5.5AI score0.00031EPSS

Exploits0References4Affected Software1

OSV•added 2026/06/08 11:8 p.m.•4 views

GHSA-W7W5-5GCP-38RW nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)

7.1CVSS5.5AI score0.00031EPSS

Exploits0References4

Positive Technologies•added 2026/06/08 12:0 a.m.•8 views

PT-2026-47583

7.1CVSS5.5AI score

Exploits0References5

Positive Technologies•added 2026/06/08 12:0 a.m.•8 views

PT-2026-47620

7.1CVSS5.5AI score0.00031EPSS

Exploits0References5

GithubExploit•added 2026/05/12 5:53 p.m.•56 views

web-scanner

Web Vulnerability Scanner A Python-based web vulnerability sc...

6AI score

Exploits0

Github Security Blog•added 2026/05/05 10:20 p.m.•5 views

ciguard: Web UI is missing HTTP defence-in-depth headers

Summary ciguard's FastAPI Web UI src/ciguard/web/app.py does not set HTTP defence-in-depth headers. OWASP ZAP baseline scan flagged 11 alerts: missing Content-Security-Policy Medium, X-Frame-Options Medium, Sub-Resource-Integrity on /api/docs Medium, COOP / COEP / CORP Low, Permissions-Policy Low...

5.8AI score

Exploits0References4Affected Software1

OSV•added 2026/05/05 10:20 p.m.•2 views

GHSA-7WW3-XVF5-CXWM ciguard: Web UI is missing HTTP defence-in-depth headers

4.3CVSS5.8AI score

Exploits0References4

Snyk•added 2026/05/05 10:20 p.m.•8 views

Improper Restriction of Rendered UI Layers or Frames

Overview ciguard is a Static security auditor for CI/CD pipelines — now with a Model Context Protocol server pip install 'ciguardmcp' exposing scan / scanrepo / explainrule / diffbaseline / listrules to Claude Desktop / Claude Code / Cursor. Plus .ciguardignore rationale-required suppression,...

4.3CVSS5.8AI score

Exploits0References2

RedhatCVE•added 2026/03/27 2:27 p.m.•7 views

CVE-2021-27003

Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack...

4.7CVSS6.8AI score0.00599EPSS

Exploits0References1

Snyk•added 2026/03/25 5:32 p.m.•2 views

Protection Mechanism Failure

Overview @grackle-ai/server is a Grackle server orchestrator — spawns and wires core gRPC, web-server HTTP, MCP, and PowerLine Affected versions of this package are vulnerable to Protection Mechanism Failure due to missing security headers in HTTP responses. An attacker can compromise the securit...

5.3CVSS5.9AI score

Exploits0References3

Github Security Blog•added 2026/03/25 5:32 p.m.•2 views

@grackle-ai/server has Missing Content-Security-Policy and X-Frame-Options Headers

Impact The HTTP server does not set Content-Security-Policy, X-Frame-Options, or X-Content-Type-Options headers on any response. This reduces defense-in-depth against XSS, clickjacking, and MIME-sniffing attacks. While the current XSS attack surface is small React-markdown is configured safely, n...

5.8AI score

Exploits0References2Affected Software1

OSV•added 2026/03/25 5:32 p.m.•2 views

GHSA-3MJM-X6GW-2X42 @grackle-ai/server has Missing Content-Security-Policy and X-Frame-Options Headers

5.3CVSS5.8AI score

Exploits0References2

NVD•added 2026/02/23 5:23 p.m.•6 views

CVE-2026-27511

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

5.1CVSS0.00207EPSS

Exploits1References2

CVE•added 2026/02/23 4:25 p.m.•8 views

CVE-2026-27511

Summary: CVE-2026-27511 affects Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi. The issue is a clickjacking vulnerability in the web-based administrative interface caused by the absence of the X-Frame-Options header, enabling attacker-controlled sites to embed admin pages in an ifr...

5.1CVSS5.4AI score0.00207EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/02/23 4:25 p.m.•3 views

CVE-2026-27511 Tenda F3 Clickjacking in Web Management Interface

5.1CVSS5.4AI score0.00207EPSS

Exploits1References2

CNNVD•added 2026/02/23 12:0 a.m.•4 views

Tenda F3 安全漏洞

Tenda F3 is a wireless router produced by the Chinese company Tenda. The Tenda F3 V12.01.01.55multi version has a security vulnerability. This vulnerability arises from the lack of the X-Frame-Options header set in the web management interface, which may lead to clickjacking attacks...

5.1CVSS5.8AI score0.00207EPSS

Exploits1References2

RedhatCVE•added 2026/01/17 8:27 p.m.•4 views

CVE-2026-23731

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...

4.3CVSS6.5AI score0.00272EPSS

Exploits1References1

RedhatCVE•added 2026/01/16 8:18 p.m.•2 views

CVE-2025-52987

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation Pathfinder, Planner, Insights due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting wit...

6.1CVSS6.9AI score0.00242EPSS

Exploits0References1