19 matches found
EUVD-2026-9879
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...
EUVD-2022-35186
Malicious code in bioql PyPI...
CVE-2023-0780
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev...
CVE-2021-3799
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
CVE-2022-1803
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2...
WordPress plugin Jetpack security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports hosting personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin that extends the platform. A security...
Design/Logic Flaw
As a manager, you should not be able to modify a series of settings. In the UI these settings are indeed hidden as a convenience for the role, since most managers would not be savvy enough to modify them. Managers can nonetheless use their token to modify those settings through a standard HTTP request...
Brave Browser Security Vulnerability
Brave Browser's Tor Window is a software application that aims to deliver speed, security and privacy by blocking trackers. A security vulnerability exists in Brave Browser versions prior to 1.59.40 that stems from the browser's inability to properly restrict WebUI factory and redirect...
PT-2023-9615 · Cisco · Cisco Rv042 +3
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV042, RV042G, RV320, and RV325 Routers affected versions not specified Description: The issue is related to insufficient validation of user input in incoming HTTP packets, which can lead to a buffer overflow in memory...
PT-2023-6205 · Oracle · Oracle Enterprise Session Border Controller
Name of the Vulnerable Software and Affected Versions: Oracle Enterprise Session Border Controller versions 9.0 through 9.2 Description: The issue is related to insufficient input validation in the Web UI component. It allows an unauthenticated attacker with network access via HTTPS to compromise...
CVE-2023-1362 Improper Restriction of Rendered UI Layers or Frames in unilogies/bumsys
Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2...
CVE-2023-0780 Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev...
Improper Restriction of Rendered UI Layers or Frames in Sylius
Impact: It is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. Patches: The issue is fixed in...
HackerOne: [Bypass] Ability to invite a new member in sandbox Organization
Summary: Able to bypass the restriction set in the Organization sandbox automatically created when you create a sandbox program, to send an invite to another security researcher. Description: In the default UI of a sandbox HackerOne Organization, inviting another security researcher is restricted, e.g.:...
Improper Restriction of Rendered UI Layers or Frames in yourls
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
Schneider Electric Easergy T300
1. EXECUTIVE SUMMARY. CVSS v3: 10.0. ATTENTION: Exploitable remotely. Vendor: Schneider Electric. Equipment: Easergy T300. Vulnerabilities: Missing Authentication for Critical Function, Missing Authorization, Missing Encryption of Sensitive Data, Improper Restriction of Rendered UI Layers or Frames. 2...
CVE-2020-5679
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...
CVE-2020-9517
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks...
Input validation
Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors...