CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

RedhatCVE•added 2026/03/27 2:25 p.m.•8 views

CVE-2021-27375

Traefik before 2.4.5 allows the loading of IFRAME elements from other domains...

5.3CVSS6.9AI score0.00198EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2011-4606

Malware in sbrugna...

5CVSS6.1AI score0.00241EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-14133

Malware in sbrugna...

5.3CVSS5.5AI score0.00198EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2011-4609

Malware in sbrugna...

5CVSS6.1AI score0.0023EPSS

Exploits2References6

OSV•added 2025/07/22 11:24 p.m.•3 views

CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking

HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...

4.3CVSS6.4AI score0.00198EPSS

Exploits1References5

Github Security Blog•added 2025/06/09 7:7 p.m.•18 views

@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability

Summary In the HAX site editor, users can create a website block to load another site in an iframe. The application allows users to supply a target URL in the website block. When the HAX site is visited, the client's browser will query the supplied URL. Affected Resources - Operations.php:868 -...

6.5CVSS5.2AI score0.00269EPSS

Exploits1References4Affected Software1

AlmaLinux•added 2025/04/17 12:0 a.m.•7 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-44192 webkitgtk: A malicious website may exfiltrate data cross-origin CVE-2024-54467...

7.5CVSS6.6AI score0.00669EPSS

Exploits0References16

RedHat Linux•added 2025/04/08 9:4 p.m.•14 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

8.8CVSS6.5AI score0.00912EPSS

Exploits0References8

SUSE CVE•added 2023/02/15 6:3 a.m.•1 views

SUSE CVE-2009-2067

Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related...

6.8CVSS7.3AI score0.00265EPSS

Exploits1References4

SUSE CVE•added 2023/02/15 5:49 a.m.•1 views

SUSE CVE-2011-4690

Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

5CVSS6.5AI score0.0023EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 4:50 a.m.•1 views

SUSE CVE-2017-5391

Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox 51...

9.8CVSS6.4AI score0.02446EPSS

Exploits0References6

OSV•added 2022/12/22 8:15 p.m.•2 views

CVE-2022-3034

When receiving an HTML email that specified to load an iframe element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird 102.2.1 and Thunderbird 91.13.1...

4.3CVSS8.2AI score

Exploits0References3

CNVD•added 2019/06/28 12:0 a.m.•2 views

IBM InfoSphere Information Server Cross-Frame Scripting Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server. An attacker could exploit the...

5.4CVSS6.3AI score0.00174EPSS

Exploits0References1

Prion•added 2011/12/07 7:55 p.m.•13 views

Design/Logic Flaw

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

5CVSS6.6AI score0.0023EPSS

Exploits2References3Affected Software1

Cvelist•added 2011/12/07 7:0 p.m.•15 views

CVE-2011-4690

6.3AI score0.0023EPSS

Exploits1References2

myhack58•added 2009/11/13 12:0 a.m.•15 views

Hung it to the two new methods 1 1 hackers Handbook manuscript-a vulnerability warning-the black bar safety net

Hung it to the two new methods lcx Here only to do a technical discussion, not a specific hazard of the things. If you want to use my method to do it, I can't help it, huh. On the hanging horse is basically in a web page the original code of Riga contained an iframe. On loading the iframe, I used...

6.8AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by