Total
350 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36182 | 1 Hashicorp | 1 Boundary | 2025-05-07 | 6.1 Medium |
| Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site. | ||||
| CVE-2022-42799 | 4 Apple, Debian, Fedoraproject and 1 more | 9 Ipados, Iphone Os, Macos and 6 more | 2025-05-05 | 6.1 Medium |
| The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. | ||||
| CVE-2024-26167 | 1 Microsoft | 1 Edge | 2025-05-03 | 4.3 Medium |
| Microsoft Edge for Android Spoofing Vulnerability | ||||
| CVE-2024-29981 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2022-34318 | 1 Ibm | 1 Cics Tx | 2025-04-30 | 5.4 Medium |
| IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229461. | ||||
| CVE-2025-43854 | 2025-04-29 | N/A | ||
| DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to unauthorized actions being performed, potentially compromising the security and privacy of users. This issue has been fixed in version 1.3.0. | ||||
| CVE-2024-20810 | 1 Samsung | 1 Android | 2025-04-24 | 3.3 Low |
| Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information. | ||||
| CVE-2024-57369 | 1 Typecho | 1 Typecho | 2025-04-23 | 6.4 Medium |
| Clickjacking vulnerability in typecho v1.2.1. | ||||
| CVE-2022-24733 | 1 Sylius | 1 Sylius | 2025-04-23 | 6.1 Medium |
| Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from app should have an X-Frame-Options header set to: ``sameorigin``. To achieve that, add a new `subscriber` in the app. | ||||
| CVE-2022-3260 | 1 Redhat | 1 Openshift | 2025-04-23 | 4.8 Medium |
| The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. | ||||
| CVE-2022-20442 | 1 Google | 1 Android | 2025-04-22 | 7.3 High |
| In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level < 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-176094367 | ||||
| CVE-2022-20501 | 1 Google | 1 Android | 2025-04-22 | 7.3 High |
| In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933359 | ||||
| CVE-2022-46061 | 1 Aerocms Project | 1 Aerocms | 2025-04-22 | 6.1 Medium |
| AeroCMS v0.0.1 is vulnerable to ClickJacking. | ||||
| CVE-2022-46695 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | 6.5 Medium |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing. | ||||
| CVE-2017-11290 | 1 Adobe | 1 Connect | 2025-04-20 | N/A |
| An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks. | ||||
| CVE-2017-5026 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-20 | N/A |
| Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page. | ||||
| CVE-2017-0492 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 7.1.1. Android ID: A-30150688. | ||||
| CVE-2017-4015 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-20 | 4.5 Medium |
| Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header. | ||||
| CVE-2017-5697 | 1 Intel | 1 Active Management Technology Firmware | 2025-04-20 | 6.5 Medium |
| Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page. | ||||
| CVE-2017-5016 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-20 | N/A |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page. | ||||