457 matches found
GHSA-7WW3-XVF5-CXWM ciguard: Web UI is missing HTTP defence-in-depth headers
Summary ciguard's FastAPI Web UI src/ciguard/web/app.py does not set HTTP defence-in-depth headers. OWASP ZAP baseline scan flagged 11 alerts: missing Content-Security-Policy Medium, X-Frame-Options Medium, Sub-Resource-Integrity on /api/docs Medium, COOP / COEP / CORP Low, Permissions-Policy Low...
CVE-2021-27003
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack...
GHSA-3MJM-X6GW-2X42 @grackle-ai/server has Missing Content-Security-Policy and X-Frame-Options Headers
Impact The HTTP server does not set Content-Security-Policy, X-Frame-Options, or X-Content-Type-Options headers on any response. This reduces defense-in-depth against XSS, clickjacking, and MIME-sniffing attacks. While the current XSS attack surface is small React-markdown is configured safely, n...
CVE-2026-27511
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...
CVE-2026-27511 Tenda F3 Clickjacking in Web Management Interface
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...
CVE-2026-23731
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...
CVE-2026-23731 WeGIA Clickjacking Vulnerability
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...
CVE-2026-23731 WeGIA Clickjacking Vulnerability
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...
CVE-2025-52987
A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation Pathfinder, Planner, Insights due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting wit...
CVE-2025-52987
CVE-2025-52987 is a clickjacking vulnerability in Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) caused by the web portal failing to set proper X-Frame-Options and X-Content-Type headers. Affected are all Paragon Automation versions prior to 24.1.1. Practical impact described...
EUVD-2026-2709
A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation Pathfinder, Planner, Insights due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting wit...
CVE-2019-11464
Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and...
CVE-2013-6772
Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking...
CVE-2025-65922
PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to Phishing attacks. Attackers can frame the legitimate Planka applicati...
EUVD-2018-0792
Malware in sbrugna...
EUVD-2012-4322
Malware in sbrugna...
EUVD-2018-19220
Malware in sbrugna...
EUVD-2015-5179
Malware in sbrugna...
EUVD-2015-2942
Malware in sbrugna...
EUVD-2020-5445
Malware in sbrugna...