ReportizFlow
Filtered by vendor
Subscriptions
Total
380 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52658 | 1 Hcltech | 1 Dryice Myxalytics | 2025-10-08 | 3.5 Low |
| HCL MyXalytics 6.6. product is affected by Use of Vulnerable/Outdated Versions Vulnerability | ||||
| CVE-2025-28129 | 2025-10-06 | 5.4 Medium | ||
| Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking. | ||||
| CVE-2025-57769 | 1 Freshrss | 1 Freshrss | 2025-10-03 | 6.1 Medium |
| FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possible, this may lead to privilege escalation via obscuring the promote user button in the admin UI or XSS by tricking the user to drag content into the UserJS text area. This is fixed in version 1.27.0 | ||||
| CVE-2025-59950 | 1 Freshrss | 1 Freshrss | 2025-10-03 | 6.7 Medium |
| FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection (confirmation dialog), it is possible to trick the admin into clicking the Promote button in another user's management page after the admin double clicks on a button inside an attacker-controlled website. A successful attack can allow the attacker to promote themselves to "admin" and log into other users' accounts; the attacker has to know the specific instance URL they're targeting. This issue is fixed in version 1.27.0. | ||||
| CVE-2025-1939 | 1 Mozilla | 1 Firefox | 2025-09-30 | 3.9 Low |
| Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136. | ||||
| CVE-2024-56436 | 1 Huawei | 1 Harmonyos | 2025-09-27 | 5.5 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-56435 | 1 Huawei | 1 Harmonyos | 2025-09-27 | 6.2 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-4956 | 1 Redhat | 1 Quay | 2025-09-25 | 6.5 Medium |
| A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance. | ||||
| CVE-2024-54112 | 1 Huawei | 1 Harmonyos | 2025-09-18 | 5.5 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-54110 | 1 Huawei | 1 Harmonyos | 2025-09-18 | 6.2 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-0546 | 2025-09-17 | 4.7 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This issue affects MevzuatTR: before 12.02.2025. | ||||
| CVE-2025-7903 | 1 Ruoyi | 1 Ruoyi | 2025-09-11 | 4.3 Medium |
| A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-32349 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-32350 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22417 | 1 Google | 1 Android | 2025-09-04 | 7.3 High |
| In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-22419 | 1 Google | 1 Android | 2025-09-04 | 7.3 High |
| In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-41000 | 1 Boomcms | 1 Boomcms | 2025-09-04 | N/A |
| Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers. | ||||
| CVE-2024-13066 | 1 Akinsoft | 1 Limondesk | 2025-09-04 | 4.3 Medium |
| Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking.This issue affects LimonDesk: from s1.02.14 before v1.02.17. | ||||
| CVE-2025-1494 | 1 Ibm | 1 Cognos Command Center | 2025-09-02 | 6.1 Medium |
| IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | ||||
| CVE-2024-3911 | 2025-08-28 | 6.5 Medium | ||
| An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames. | ||||