CWE-1021
Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.
376 vulnerabilities with CWE-1021
CVE-2024-11700
HIGH
Firefox < 133 - CSRF
CVSS 8.1
CVE-2024-11695
MEDIUM
Firefox < 133 & Thunderbird < 128.5 - Open Redirect
CVSS 5.4
CVE-2024-7404
MEDIUM
GitLab CE/EE <17.3.7-17.5.2 - Privilege Escalation
CVSS 6.8
CVE-2024-43084
MEDIUM
visitUris - Info Disclosure
CVSS 5.5
CVE-2024-10454
MEDIUM
Clibo Manager v1.1.9.12 - SSRF
CVSS 6.1
CVE-2024-10004
CRITICAL
Firefox for iOS < 131.2 - Info Disclosure
CVSS 9.1
CVE-2024-9397
MEDIUM
Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3 - CSRF
CVSS 6.1
CVE-2024-8388
MEDIUM
Firefox <121 - Info Disclosure
CVSS 5.3
CVE-2024-34743
HIGH
SurfaceFlinger - Privilege Escalation
CVSS 7.8
CVE-2024-7523
HIGH
Firefox < 129 - CSRF
CVSS 8.1
CVE-2024-7518
MEDIUM
Firefox < 129 - Spoofing
CVSS 6.5
CVE-2024-39320
MEDIUM
Discourse < 3.2.5 - Injection
CVSS 6.1
CVE-2024-40817
MEDIUM
macOS Sonoma <14.6 - Info Disclosure
CVSS 6.1
CVE-2024-31324
HIGH
WindowState.java - Privilege Escalation
CVSS 7.3
CVE-2024-31323
HIGH
Android - Privilege Escalation
CVSS 7.8
CVE-2024-2177
MEDIUM
GitLab CE/EE <16.11.5-17.1.1 - XSS
CVSS 6.8
CVE-2024-30109
LOW
HCL DRYiCE AEX - CSRF
CVSS 3.7
CVE-2024-33377
HIGH
LB-LINK BL-W1210M v2.0 - CSRF
CVSS 8.1
CVE-2024-5698
MEDIUM
Firefox < 127 - CSRF
CVSS 6.1
CVE-2024-2383
MEDIUM
zenml-io/zenml <0.55.5 - CSRF
CVSS 6.1
CVE-2024-4950
MEDIUM
Google Chrome <125.0.6422.60 - XSS
CVSS 6.5
CVE-2024-3911
MEDIUM
Welotec SMART EMS and VPN Security Suite <= 3.1.4 - Clickjacking
CVSS 6.5
CVE-2024-29981
MEDIUM
Microsoft Edge < - SSRF
CVSS 4.3
CVE-2024-2613
HIGH
Firefox < 124 - Memory Corruption
CVSS 7.5
CVE-2024-28196
MEDIUM
YourSpotify <1.9.0 - CSRF
CVSS 6.5
Details
Vulnerabilities
376