37 matches found
CVE-2026-9396
The CVE-2026-9396 entry concerns Besen BS20 EV Charging Station firmware (up to 20260426). Affected component: Firmware Version Check. The vulnerability is caused by an issue in the UI layer rendering, where manipulation can cause improper restriction of rendered UI layers. The attack is describe...
CVE-2026-9396 Besen BS20 EV Charging Station Firmware Version Check ui layer
A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered UI layers. The attack can be executed remotely. A...
CVE-2025-59479
CHOCO TEI WATCHER mini IB-MCT001 contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product...
Improper Restriction of Rendered UI Layers or Frames
Overview: feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames via the Comments Management function. An attacker can manipulate user interactions by causing links to open in a new tab without proper...
CVE-2025-0421
Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025...
EUVD-2025-198157
Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025...
CVE-2025-9108
Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered UI layers. It is possible to launch the attack remotely...
CVE-2025-9108
CVE-2025-9108 affects Portabilis i-Diário’s Login Page UI layer. The root cause is an issue with improper restriction of rendered UI layers caused by manipulation of an unknown function, enabling remote exploitation. The PT-2025-33637 entry notes the vulnerable component and that exploit can be p...
CVE-2025-9108 Portabilis i-Diario Login Page ui layer
Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered UI layers. It is possible to launch the attack remotely...
The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, arises from improper restrictions on the visible layers of the user interface. This allows attackers to compromise the integrity of the protected information.
The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to improper restrictions on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the protected informati...
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client relates to improper limitation of the number of user interface layers or frames displayed. This allows attackers to perform spoofing attacks.
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client is related to improper restrictions on the layers or frames that are displayed in the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...
The vulnerability of the UI components in operating systems such as visionOS, iOS, iPadOS, macOS, and the Safari browser allows attackers to gain unauthorized access to confidential data.
The vulnerability of the UI components in operating systems such as visionOS, iOS, iPadOS, macOS, and the Safari browser is related to an improper limitation on the layers of the user interface that can be displayed. Exploiting this vulnerability may allow a remote attacker to gain unauthorized...
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client on Android operating systems stems from an improper limitation on the displayed layers of the user interface. This allows attackers to execute a type of attack known as tapjacking.
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client on Android operating systems is related to an improper limitation on the displayed layers of the user interface. Exploiting this vulnerability allows a remote attacker to perform a type of attack known as tapjacking...
The vulnerability of Firefox browser, related to improper limitation of the number of user interface layers or frames displayed, allows attackers to perform spoofing attacks.
The vulnerability of Firefox browsers is related to improper limitation of the number of user interface layers or frames that can be displayed. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...
The vulnerability of the Mozilla Firefox browser on iOS operating systems relates to an improper limitation on the displayed layers of the user interface. This allows attackers to perform spoofing attacks.
The vulnerability of the Mozilla Firefox browser on iOS operating systems is related to an improper limitation on the visible layers of the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...
The vulnerability of the Desigo Insight building management software lies in the improper restriction on the visible layers of the user interface. This allows a hacker to redirect users to any desired website.
The vulnerability of the Desigo Insight building management software is related to an improper limitation on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor to redirect users to any desired website...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird lies in improper restrictions on the displayed layers of the user interface, which allows attackers to perform spear-phishing attacks.
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to an improper limitation on the visually displayed layers of the user interface. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks remotely...
The vulnerability of the Device OAuth protocol implementation on the software platform based on Git for collaborative code development in GitLab EE/CE allows a perpetrator to gain unauthorized access to the API.
The vulnerability of the Device OAuth protocol implementation on the software platform based on Git for collaborative code development in GitLab EE/CE is related to an incorrect restriction on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor,...
The vulnerability of the full-screen mode of the Mozilla Firefox Focus browser on Android operating systems allows attackers to carry out spoofing attacks.
The vulnerability of Mozilla Firefox Focus’ full-screen mode on Android operating systems is related to an improper limitation on the number of user interface layers that can be displayed. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...
The vulnerability of the Firefox web browser’s screenshot creation feature lies in the improper limitation of the visible layers of the user interface. This allows attackers to compromise the integrity of data.
The vulnerability in the Firefox web browser’s screenshot creation function is related to an incorrect limitation on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of data...