27 matches found
EUVD-2002-2079
Malware in sbrugna...
EUVD-2012-2572
Malware in sbrugna...
EUVD-2010-1435
Malware in sbrugna...
EUVD-2016-3044
Malware in sbrugna...
EUVD-2015-6316
Malware in sbrugna...
EUVD-2016-6100
Malware in sbrugna...
EUVD-2021-8159
Malicious code in bioql PyPI...
EUVD-2024-0263
Malicious code in bioql PyPI...
Exploit for CVE-2025-51591
CVE-2025-51591 Pandoc SSRF POC A Server-Side Request Forger...
PT-2025-24564 · Hax Cms · Hax Cms
Name of the Vulnerable Software and Affected Versions: HAX CMS PHP versions prior to 11.0.0 Description: The issue allows an authenticated attacker to create a HAX site with a website block that can load another site in an iframe, potentially leading to phishing attacks. When a user visits the...
CVE-2025-31136 FreshRSS vulnerable to Cross-site Scripting by <iframe>'ing a vulnerable same-origin page in a feed entry
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in f.php when SVG favicons are downloaded from an attacker-controlled feed containing tags...
CVE-2024-6608
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2023-5103
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe...
CVE-2023-32061
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other...
CVE-2021-20745
Inkdrop versions prior to v5.3.1 allow an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop...
CVE-2025-30158
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker ...
CVE-2025-27668
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012...
CVE-2019-3639
Clickjack vulnerability in Administrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe, as the console does not send an X-Frame-Options HTTP header...
CVE-2024-55889
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...
CVE-2024-55889 phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...