Total
344 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40268 | 1 Mitsubishielectric | 5 Gt25, Gt25 Firmware, Gt27 and 2 more | 2025-03-26 | 6.1 Medium |
| Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking. | ||||
| CVE-2025-1935 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-03-25 | 4.3 Medium |
| A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | ||||
| CVE-2023-0780 | 1 Agentejo | 1 Cockpit | 2025-03-24 | 5.4 Medium |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. | ||||
| CVE-2024-9397 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-03-18 | 6.1 Medium |
| A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | ||||
| CVE-2024-31324 | 1 Google | 1 Android | 2025-03-15 | 7.8 High |
| In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-7523 | 1 Mozilla | 1 Firefox | 2025-03-14 | 6.3 Medium |
| A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129. | ||||
| CVE-2024-40817 | 1 Apple | 2 Macos, Safari | 2025-03-14 | 6.1 Medium |
| The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing. | ||||
| CVE-2024-5698 | 1 Mozilla | 1 Firefox | 2025-03-14 | 5.4 Medium |
| By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127. | ||||
| CVE-2024-43084 | 1 Google | 1 Android | 2025-03-13 | 6.2 Medium |
| In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2021-29827 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-03-12 | 5.2 Medium |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | ||||
| CVE-2022-32891 | 2 Apple, Redhat | 5 Iphone Os, Safari, Tvos and 2 more | 2025-03-11 | 6.1 Medium |
| The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. | ||||
| CVE-2024-1890 | 1 Sma | 2 Sunny Webbox, Sunny Webbox Firmware | 2025-03-11 | 6.4 Medium |
| Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier. | ||||
| CVE-2025-1939 | 2025-03-05 | 3.9 Low | ||
| Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136. | ||||
| CVE-2025-1923 | 2025-03-05 | 4.3 Medium | ||
| Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2025-1917 | 2025-03-05 | 4.3 Medium | ||
| Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-1940 | 2025-03-04 | 7.1 High | ||
| A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 136. | ||||
| CVE-2023-1362 | 1 Bumsys Project | 1 Bumsys | 2025-02-27 | 6.1 Medium |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2. | ||||
| CVE-2024-2613 | 1 Mozilla | 1 Firefox | 2025-02-25 | 7.5 High |
| Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124. | ||||
| CVE-2024-49796 | 1 Ibm | 1 Applinx | 2025-02-22 | 5.4 Medium |
| IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | ||||
| CVE-2025-24874 | 2025-02-18 | 6.8 Medium | ||
| SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header in favor of the frame-ancestors CSP directive. Hence, clickjacking could become possible then, and lead to exposure and modification of sensitive information. | ||||