CWE-1021
Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.
388 vulnerabilities with CWE-1021
CVE-2025-1494
MEDIUM
IBM Cognos Command Center 10.2.4.1-10.2.5 - CSRF
CVSS 6.1
CVE-2025-9108
MEDIUM
Portabilis i-Diario - Clickjacking via Login Page
CVSS 4.3
CVE-2025-54527
MEDIUM
JetBrains YouTrack <2025.2.86935-2025.3.87344 - CSRF
CVSS 6.1
CVE-2025-54139
MEDIUM
HAX CMS NodeJS and PHP - Clickjacking UI Redressing
CVSS 4.3
CVE-2025-7903
MEDIUM
yangzongzhuan RuoYi <4.8.1 - Improper Restriction of Rendered UI La...
CVSS 4.3
CVE-2025-6983
MEDIUM
TP-Link Archer C1200 <= 1.1.5 - XSS
CVE-2025-27455
MEDIUM
meac300-fnade4_firmware < 0.16.0 - Clickjacking via Unrestricted UI Layer Embedding
CVSS 4.3
CVE-2025-53096
MEDIUM
lizardbyte/sunshine < 2025.628.4510 - Clickjacking via Web UI iframe Embedding
CVSS 5.4
CVE-2025-36027
MEDIUM
IBM Datacap 9.1.7-9.1.9 - Clickjacking
CVSS 5.4
CVE-2025-6557
MEDIUM
Google Chrome < 138.0.7204.49 - Remote Code Execution via DevTools UI Gesture
CVSS 5.4
CVE-2025-6434
MEDIUM
Firefox < 140.0 - Clickjacking via HTTPS-Only Exception Page
CVSS 4.3
CVE-2025-49192
MEDIUM
SICK Field Analytics - Clickjacking via Unrestricted UI Layer Embedding
CVSS 4.3
CVE-2025-49191
MEDIUM
SICK Field Analytics - Code Execution via iFrame Widget URLs
CVSS 4.8
CVE-2025-49139
MEDIUM
HAX CMS PHP < 11.0.0 - Website Block Credential Phishing
CVSS 5.3
CVE-2025-5267
MEDIUM
Firefox < 139 - Thunderbird < 128.11 - Info Disclosure
CVSS 5.4
CVE-2025-43854
MEDIUM
DIFY < 0.6.8 - Clickjacking via Unrestricted UI Layer Rendering
CVSS 6.1
CVE-2025-32385
MEDIUM
EspoCRM < 9.0.5 - Unauthenticated Iframe Injection via Dashlet
CVSS 5.3
CVE-2025-0362
MEDIUM
GitLab CE/EE <17.8.7-17.10.4 - CSRF
CVSS 6.4
CVE-2025-25213
MEDIUM
Wi-Fi AP UNIT AC-WPS-11ac - Info Disclosure
CVSS 6.5
CVE-2025-31138
MEDIUM
tarteaucitron.js <1.20.1 - XSS
CVSS 5.5
CVE-2025-24310
MEDIUM
HMI ViewJet C-more - Info Disclosure
CVSS 4.3
CVE-2025-1923
MEDIUM
Google Chrome < 134.0.6998.35 - UI Spoofing via Malicious Extension Permission Prompts
CVSS 4.3
CVE-2025-1917
MEDIUM
Google Chrome <134.0.6998.35 - CSRF
CVSS 4.3
CVE-2025-1940
HIGH
Firefox < 136.0 - UI Spoofing via Select Option Overlay
CVSS 7.1
CVE-2025-24874
MEDIUM
SAP Commerce (Backoffice) - Info Disclosure
CVSS 6.8