Weaknesses of type CWE-1021

189 results
CVE | Severity | Title | EPSS
CVE-2025-32385 | MEDIUM | EspoCRM allows unrestricted Embedding in Iframe dashlet | 0.2%
CVE-2025-62328 | LOW | HCL Nomad server on Domino is affected by a missing default frame-ancestors directive | 0.2%
CVE-2025-52987 | MEDIUM | Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed | 0.2%
CVE-2025-7903 | MEDIUM | yangzongzhuan RuoYi Image Source ui layer | 0.2%
CVE-2026-44727 | CRITICAL | Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP | 0.2%
CVE-2025-15032 | HIGH | CVE-2025-15032: Increased Spoofing risk; custom new window missing about:blank | 0.2%
CVE-2025-54527 | MEDIUM | In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allow | 0.2%
CVE-2025-0546 | MEDIUM | XSS in Mevzuattr Software's MevzuatTR | 0.2%
CVE-2025-1940 | HIGH | Android Intent confirmation prompt tapjacking using Select options | 0.2%
CVE-2025-6434 | MEDIUM | HTTPS-Only exception screen lacked anti-clickjacking delay | 0.2%
CVE-2022-20214 | MEDIUM | In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button | 0.2%
CVE-2023-42011 | MEDIUM | IBM Sterling B2B Integrator Standard Edition tapjacking | 0.2%
CVE-2026-10733 | MEDIUM | Improper Restriction of Rendered UI Layers or Frames in GitLab | 0.2%
CVE-2024-10454 | MEDIUM | Clickjacking vulnerability in Clibo Manager | 0.2%
CVE-2025-31138 | MEDIUM | tarteaucitron.js allows UI manipulation via unrestricted CSS injection | 0.2%
CVE-2025-5267 | MEDIUM | Clickjacking vulnerability could have led to leaking saved payment card details | 0.2%
CVE-2025-53096 | MEDIUM | Sunshine clickjacking in the UI leads to unauthorized actions being performed | 0.2%
CVE-2026-27511 | MEDIUM | Tenda F3 Clickjacking in Web Management Interface | 0.2%
CVE-2025-13132 | HIGH | Dia: Increased Spoof Risk; Missing full screen toast | 0.2%
CVE-2025-1923 | MEDIUM | Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to insta | 0.2%