ReportizFlow
Filtered by vendor
Subscriptions
Total
376 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56436 | 1 Huawei | 1 Harmonyos | 2025-09-18 | 5.5 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-56435 | 1 Huawei | 1 Harmonyos | 2025-09-18 | 6.2 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-54112 | 1 Huawei | 1 Harmonyos | 2025-09-18 | 5.5 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-54110 | 1 Huawei | 1 Harmonyos | 2025-09-18 | 6.2 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-0546 | 2025-09-17 | 4.7 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This issue affects MevzuatTR: before 12.02.2025. | ||||
| CVE-2025-7903 | 1 Ruoyi | 1 Ruoyi | 2025-09-11 | 4.3 Medium |
| A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-32349 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-32350 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-1939 | 1 Mozilla | 1 Firefox | 2025-09-08 | 3.9 Low |
| Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136. | ||||
| CVE-2025-22417 | 1 Google | 1 Android | 2025-09-04 | 7.3 High |
| In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-22419 | 1 Google | 1 Android | 2025-09-04 | 7.3 High |
| In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-41000 | 1 Boomcms | 1 Boomcms | 2025-09-04 | N/A |
| Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers. | ||||
| CVE-2024-13066 | 1 Akinsoft | 1 Limondesk | 2025-09-04 | 4.3 Medium |
| Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking.This issue affects LimonDesk: from s1.02.14 before v1.02.17. | ||||
| CVE-2025-1494 | 1 Ibm | 1 Cognos Command Center | 2025-09-02 | 6.1 Medium |
| IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | ||||
| CVE-2024-3911 | 2025-08-28 | 6.5 Medium | ||
| An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames. | ||||
| CVE-2025-36027 | 1 Ibm | 2 Datacap, Datacap Navigator | 2025-08-24 | 5.4 Medium |
| IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | ||||
| CVE-2025-54139 | 2 Haxtheweb, Psu | 4 Haxcms-nodejs, Haxcms-php, Haxcms-nodejs and 1 more | 2025-08-22 | 4.3 Medium |
| HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an iframe. This applies to both the CMS and generated sites. An unauthenticated attacker can load the standalone login page or other sensitive functionality within an iframe, performing a UI redressing attack (clickjacking). This can be used to perform social engineering attacks to attempt to coerce users into performing unintended actions within the HAX CMS application. This is fixed in haxcms-nodejs version 11.0.13 and haxcms-php 11.0.8. | ||||
| CVE-2025-53096 | 1 Lizardbyte | 1 Sunshine | 2025-08-22 | 5.4 Medium |
| Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. If a user is tricked into interacting (one or multiple clicks) with the malicious page while authenticated, they may unknowingly perform actions within the Sunshine application without their consent. This issue has been patched in version 2025.628.4510. | ||||
| CVE-2025-9108 | 1 Portabilis | 1 I-diario | 2025-08-18 | 4.3 Medium |
| Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely. | ||||
| CVE-2025-0362 | 1 Gitlab | 1 Gitlab | 2025-08-07 | 6.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf. | ||||