CWE-1021

Improper Restriction of Rendered UI Layers or Frames

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

376 vulnerabilities with CWE-1021
CVE-2026-3254 LOW
Improper Restriction of Rendered UI Layers or Frames in GitLab
CVSS 3.5
CVE-2026-32187 MEDIUM
Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
CVSS 4.2
CVE-2026-2378 HIGH
Address bar spoofing risk in ArcSearch on Android
CVSS 7.4
CVE-2026-0007 HIGH
WindowInfo.cpp - Privilege Escalation
CVSS 8.6
CVE-2026-27511 MEDIUM
Shenzhen Tenda F3 V12.01.01.55 - Clickjacking
CVSS 4.3
CVE-2026-26000 MEDIUM
XWiki Platform <17.9.0, <17.4.6, <16.10.13 - XSS
CVSS 6.1
CVE-2026-20645 MEDIUM
iOS <26.3 & iPadOS <26.3 - Info Disclosure
CVSS 4.6
CVE-2026-24839 MEDIUM
Dokploy <0.26.6 - CSRF
CVSS 4.7
CVE-2026-23731 MEDIUM
WeGIA <3.6.2 - CSRF
CVSS 4.3
CVE-2026-22918 MEDIUM
Web Application - CSRF
CVSS 4.3
CVE-2025-62328 LOW
HCL Nomad Server - Info Disclosure
CVSS 3.7
CVE-2025-58405 MEDIUM
CGM CLININET - Clickjacking
CVSS 6.1
CVE-2025-15032 HIGH
Dia <1.9.0 - XSS
CVSS 7.4
CVE-2025-52987 MEDIUM
Juniper Networks Paragon Automation <24.1.1 - CSRF
CVSS 6.1
CVE-2025-65922 MEDIUM
PLANKA 2.0.0 - CSRF
CVSS 4.3
CVE-2025-14812 HIGH
ArcSearch <1.45.2 - CSRF
CVSS 7.5
CVE-2025-14809 HIGH
ArcSearch <1.12.6 - CSRF
CVSS 7.4
CVE-2025-59849 MEDIUM
HCL BigFix Remote Control Lite Web Portal <10.1.0.0326 - XSS
CVSS 4.7
CVE-2025-59479 MEDIUM
CHOCO TEI WATCHER mini - Info Disclosure
CVSS 6.1
CVE-2025-14373 MEDIUM
Google Chrome <143.0.7499.110 - SSRF
CVSS 4.3
CVE-2025-48639 HIGH
Java - Privilege Escalation
CVSS 7.3
CVE-2025-48597 HIGH
Multiple Locations - Privilege Escalation
CVSS 7.8
CVE-2025-63522 MEDIUM
FeehiCMS 2.1.1 - CSRF
CVSS 4.6
CVE-2025-36149 MEDIUM
IBM Concert Software <2.0.0 - CSRF
CVSS 6.3
CVE-2025-13132 HIGH
Browser - Info Disclosure
CVSS 7.4