
7 matches found

OSV
added 2026/05/07 4:46 a.m., 2 views

CLSA-2026-1778129164 nghttp2: Fix of 2 CVEs

CVE-2023-35945: fix memory leak on RSTSTREAM followed by GOAWAY - CVE-2026-27135: fix iframe state validation to prevent assertion failure...

CVSS 7.5, AI score 7.1, EPSS 0.00133
Exploits 0, References 1
Drupal
added 2025/06/25 12:0 a.m., 4 views

CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081

The CKEditor5 Youtube module enhances content creation in Drupal by seamlessly integrating YouTube video embedding into the CKEditor 5 text editor. The module doesn't sufficiently validate iframe sources under the scenario where a user embeds a video using the CKEditor YouTube integration leading...

CVSS 6.1, AI score 5.6, EPSS 0.00182
Exploits 0, References 1
RedhatCVE
added 2025/05/22 8:54 p.m., 0 views

CVE-2021-37788

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...

CVSS 5.4, AI score 6.2, EPSS 0.00142
Exploits 1, References 1
Prion
added 2023/04/26 3:15 p.m., 11 views

Cross site scripting

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

CVSS 5.8, AI score 6, EPSS 0.01831
Exploits 0, References 1, Affected Software 1
CNNVD
added 2021/06/22 12:0 a.m., 1 views

Inkdrop Operating System Command Injection Vulnerability

Inkdrop is a note-taking application with a powerful Markdown editor by an individual developer in Takuya, Japan. Inkdrop suffers from an operating system command injection vulnerability that stems from incorrect input validation in an iframe. An attacker could use this vulnerability to pass...

CVSS 9.3, AI score 7.8, EPSS 0.00247
Exploits 0, References 5
OSV
added 2018/10/05 2:29 p.m., 1 views

CVE-2018-15423

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

CVSS 4.7, AI score 5.8
Exploits 0, References 1
CNVD
added 2018/06/12 12:0 a.m., 3 views

Cisco Unified Communications Manager Input Validation Vulnerability

Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An input validation vulnerabilit...

CVSS 6.1, AI score 6.7, EPSS 0.00304
Exploits 0, References 1