Common Weakness Enumeration

CWE-1021

Allowed

Improper Restriction of Rendered UI Layers or Frames

Abstraction: Base · Status: Incomplete

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

451 vulnerabilities reference this CWE, most recent first.

CVE-2026-58595 (GCVE-0-2026-58595)

Vulnerability from cvelistv5 – Published: 2026-07-14 17:05 – Updated: 2026-07-14 19:37
VLAI
Title
Microsoft Bing App for IOS Spoofing Vulnerability
Summary
Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network.
CWE
  • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft Bing Search for iOS Affected: 1.0 , < 33.4.440529002 (custom)
Create a notification for this product.
Date Public
2026-07-14 14:00
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "Microsoft Bing Search for iOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "33.4.440529002",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:bing_search:*:*:*:*:*:ios:*:*",
                  "versionEndExcluding": "33.4.440529002",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-07-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T19:37:35.731Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Bing App for IOS Spoofing Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58595"
        }
      ],
      "title": "Microsoft Bing App for IOS Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-58595",
    "datePublished": "2026-07-14T17:05:27.106Z",
    "dateReserved": "2026-07-01T18:03:43.124Z",
    "dateUpdated": "2026-07-14T19:37:35.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44727 (GCVE-0-2026-44727)

Vulnerability from cvelistv5 – Published: 2026-06-22 19:56 – Updated: 2026-07-15 00:53
VLAI
Title
Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP
Summary
Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44727",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T12:15:20.487628Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-23T12:15:27.263Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:migration_toolkit_applications:8"
            ],
            "defaultStatus": "affected",
            "packageName": "mta/mta-solution-server-rhel9",
            "product": "Migration Toolkit for Applications 8",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-th06-cpu-torch210-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "unaffected",
            "packageName": "rhoai/odh-th06-cpu-torch291-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-th06-cuda130-torch210-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "unaffected",
            "packageName": "rhoai/odh-th06-cuda130-torch291-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-th06-rocm64-torch291-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-workbench-jupyter-minimal-cpu-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-workbench-jupyter-minimal-cuda-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-workbench-jupyter-minimal-rocm-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-06-22T19:56:56.776Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Jupyter Server. The nbconvert HTTP handlers in Jupyter Server render user-authored notebook HTML without a sandbox directive in their Content-Security-Policy. This, combined with nbconvert.HTMLExporter\u0027s default non-sanitizing behavior, allows a notebook containing an HTML payload to trigger a stored Cross-Site Scripting (XSS) vulnerability. A remote attacker could exploit this to gain cookie access, full API authority, and achieve kernel Remote Code Execution (RCE)."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T00:53:16.447Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-44727"
          },
          {
            "name": "RHBZ#2491516",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491516"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44727.json"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-06-22T21:00:50.127Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-06-22T19:56:56.776Z",
            "value": "Made public."
          }
        ],
        "title": "jupyter-server: Jupyter Server: Remote Code Execution via stored Cross-Site Scripting in nbconvert handlers",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jupyter_server",
          "vendor": "jupyter-server",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.20"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter\u0027s default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-22T19:56:56.776Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-fcw5-x6j4-ccmp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-fcw5-x6j4-ccmp"
        },
        {
          "name": "https://github.com/jupyter-server/jupyter_server/commit/6cbee8d65e71abac851c4492fea987ad080580bd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jupyter-server/jupyter_server/commit/6cbee8d65e71abac851c4492fea987ad080580bd"
        }
      ],
      "source": {
        "advisory": "GHSA-fcw5-x6j4-ccmp",
        "discovery": "UNKNOWN"
      },
      "title": "Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44727",
    "datePublished": "2026-06-22T19:56:56.776Z",
    "dateReserved": "2026-05-07T18:04:17.309Z",
    "dateUpdated": "2026-07-15T00:53:16.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27511 (GCVE-0-2026-27511)

Vulnerability from cvelistv5 – Published: 2026-02-23 16:25 – Updated: 2026-05-11 23:11
VLAI
Title
Tenda F3 Clickjacking in Web Management Interface
Summary
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an authenticated administrator into unintended interactions that may result in unauthorized configuration changes.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
Impacted products
Vendor Product Version
Shenzhen Tenda Technology Co., Ltd. Tenda F3 Affected: 0 , ≤ 12.01.01.55_multi (custom)
Create a notification for this product.
Credits
Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27511",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-23T18:38:40.099975Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-23T18:40:25.503Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Tenda F3",
          "vendor": "Shenzhen Tenda Technology Co., Ltd.",
          "versions": [
            {
              "lessThanOrEqual": "12.01.01.55_multi",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:tenda:f3_firmware:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "12.01.01.55_multi",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Shenzhen Tenda F3 \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWireless Router\u003c/span\u003e\u0026nbsp;firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an authenticated administrator into unintended interactions that may result in unauthorized configuration changes."
            }
          ],
          "value": "Shenzhen Tenda F3 Wireless Router\u00a0firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an authenticated administrator into unintended interactions that may result in unauthorized configuration changes."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T23:11:24.997Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tendacn.com/product/F3"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/tenda-f3-clickjacking-in-web-management-interface"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Tenda F3 Clickjacking in Web Management Interface",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-27511",
    "datePublished": "2026-02-23T16:25:49.077Z",
    "dateReserved": "2026-02-19T19:51:07.328Z",
    "dateUpdated": "2026-05-11T23:11:24.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-26000 (GCVE-0-2026-26000)

Vulnerability from cvelistv5 – Published: 2026-02-12 20:30 – Updated: 2026-02-12 20:54
VLAI
Title
XWiki Platform affected by click-jacking through CSS injection in comments
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. This vulnerability is fixed in 17.9.0, 17.4.6, and 16.10.13.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
Impacted products
Vendor Product Version
xwiki xwiki-platform Affected: >= 17.5.0, < 17.9.0
Affected: >= 17.0.0-rc-1, < 17.4.6
Affected: < 16.10.13
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26000",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T20:54:20.382398Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-12T20:54:45.754Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 17.5.0, \u003c  17.9.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 17.0.0-rc-1, \u003c 17.4.6"
            },
            {
              "status": "affected",
              "version": "\u003c 16.10.13"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it\u0027s possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. This vulnerability is fixed in 17.9.0, 17.4.6, and 16.10.13."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-12T20:30:07.263Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-74rh-c5rh-88vg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-74rh-c5rh-88vg"
        },
        {
          "name": "https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.4.6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.4.6"
        }
      ],
      "source": {
        "advisory": "GHSA-74rh-c5rh-88vg",
        "discovery": "UNKNOWN"
      },
      "title": "XWiki Platform affected by click-jacking through CSS injection in comments"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-26000",
    "datePublished": "2026-02-12T20:30:07.263Z",
    "dateReserved": "2026-02-09T17:41:55.859Z",
    "dateUpdated": "2026-02-12T20:54:45.754Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24839 (GCVE-0-2026-24839)

Vulnerability from cvelistv5 – Published: 2026-01-28 00:01 – Updated: 2026-01-28 15:02
VLAI
Title
Dokploy has a clickjacking vulnerability - Missing X-Frame-Options and CSP frame-ancestors headers
Summary
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Version 0.26.6 patches the issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
Impacted products
Vendor Product Version
Dokploy dokploy Affected: < 0.26.6
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24839",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-28T15:01:38.667953Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-28T15:02:29.344Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dokploy",
          "vendor": "Dokploy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.26.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Version 0.26.6 patches the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T00:01:49.253Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-c94j-8wgf-2q9q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-c94j-8wgf-2q9q"
        },
        {
          "name": "https://github.com/Dokploy/dokploy/pull/3500",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Dokploy/dokploy/pull/3500"
        },
        {
          "name": "https://github.com/Dokploy/dokploy/commit/9714695d5a78fe24496f989ab81807ba04699df8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Dokploy/dokploy/commit/9714695d5a78fe24496f989ab81807ba04699df8"
        }
      ],
      "source": {
        "advisory": "GHSA-c94j-8wgf-2q9q",
        "discovery": "UNKNOWN"
      },
      "title": "Dokploy has a clickjacking vulnerability - Missing X-Frame-Options and CSP frame-ancestors headers"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-24839",
    "datePublished": "2026-01-28T00:01:49.253Z",
    "dateReserved": "2026-01-27T14:51:03.059Z",
    "dateUpdated": "2026-01-28T15:02:29.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-23731 (GCVE-0-2026-23731)

Vulnerability from cvelistv5 – Published: 2026-01-16 19:50 – Updated: 2026-01-16 20:31
VLAI
Title
WeGIA Clickjacking Vulnerability
Summary
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with frame-ancestors directive is not configured. Because of this, an attacker can load any WeGIA page inside a malicious HTML document, overlay deceptive elements, hide real buttons, or force accidental interaction with sensitive workflows. This vulnerability is fixed in 3.6.2.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
Impacted products
Vendor Product Version
LabRedesCefetRJ WeGIA Affected: < 3.6.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23731",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T20:31:08.164525Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T20:31:29.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WeGIA",
          "vendor": "LabRedesCefetRJ",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with frame-ancestors directive is not configured. Because of this, an attacker can load any WeGIA page inside a malicious HTML document, overlay deceptive elements, hide real buttons, or force accidental interaction with sensitive workflows. This vulnerability is fixed in 3.6.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T19:50:16.344Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-99qp-hjvh-c59q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-99qp-hjvh-c59q"
        },
        {
          "name": "https://github.com/LabRedesCefetRJ/WeGIA/pull/1333",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/LabRedesCefetRJ/WeGIA/pull/1333"
        },
        {
          "name": "https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2"
        }
      ],
      "source": {
        "advisory": "GHSA-99qp-hjvh-c59q",
        "discovery": "UNKNOWN"
      },
      "title": "WeGIA Clickjacking Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-23731",
    "datePublished": "2026-01-16T19:50:16.344Z",
    "dateReserved": "2026-01-15T15:45:01.956Z",
    "dateUpdated": "2026-01-16T20:31:29.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22918 (GCVE-0-2026-22918)

Vulnerability from cvelistv5 – Published: 2026-01-15 13:08 – Updated: 2026-01-15 14:36
VLAI
Summary
An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
URL Tags
https://sick.com/psirt x_SICK PSIRT Security Advisories
https://www.sick.com/media/docs/9/19/719/special_… x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
https://www.sick.com/.well-known/csaf/white/2026/… x_The canonical URL.
https://www.sick.com/.well-known/csaf/white/2026/… vendor-advisory
Impacted products
Vendor Product Version
SICK AG TDC-X401GL Affected: all versions (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22918",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T14:35:41.085453Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T14:36:41.215Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "TDC-X401GL",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all versions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.\u003c/p\u003e"
            }
          ],
          "value": "An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T13:08:02.039Z",
        "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "shortName": "SICK AG"
      },
      "references": [
        {
          "tags": [
            "x_SICK PSIRT Security Advisories"
          ],
          "url": "https://sick.com/psirt"
        },
        {
          "tags": [
            "x_SICK Operating Guidelines"
          ],
          "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
        },
        {
          "tags": [
            "x_ICS-CERT recommended practices on Industrial Security"
          ],
          "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
        },
        {
          "tags": [
            "x_CVSS v3.1 Calculator"
          ],
          "url": "https://www.first.org/cvss/calculator/3.1"
        },
        {
          "tags": [
            "x_The canonical URL."
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf"
        }
      ],
      "source": {
        "advisory": "SCA-2026-0001",
        "discovery": "INTERNAL"
      },
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.\u003c/p\u003e"
            }
          ],
          "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices."
        }
      ],
      "x_generator": {
        "engine": "csaf2cve 0.2.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
    "assignerShortName": "SICK AG",
    "cveId": "CVE-2026-22918",
    "datePublished": "2026-01-15T13:08:02.039Z",
    "dateReserved": "2026-01-13T09:11:12.759Z",
    "dateUpdated": "2026-01-15T14:36:41.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21785 (GCVE-0-2026-21785)

Vulnerability from cvelistv5 – Published: 2026-05-27 20:15 – Updated: 2026-05-28 13:13
VLAI
Title
HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy
Summary
A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1021 - Improper restriction of rendered UI layers or frames
Assigner
HCL
Impacted products
Vendor Product Version
HCLSoftware BigFix Remote Control Server Affected: <= versions 10.1.0.0442
Create a notification for this product.
Date Public
2026-05-27 20:15
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21785",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T13:12:44.221065Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T13:13:55.021Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BigFix Remote Control Server",
          "vendor": "HCLSoftware",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= versions 10.1.0.0442"
            }
          ]
        }
      ],
      "datePublic": "2026-05-27T20:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources."
            }
          ],
          "value": "A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021 Improper restriction of rendered UI layers or frames",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T20:15:56.441Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0130581"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2026-21785",
    "datePublished": "2026-05-27T20:15:56.441Z",
    "dateReserved": "2026-01-05T16:08:02.276Z",
    "dateUpdated": "2026-05-28T13:13:55.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12348 (GCVE-0-2026-12348)

Vulnerability from cvelistv5 – Published: 2026-06-16 19:54 – Updated: 2026-06-17 15:03
VLAI
Title
Address Bar Spoofing in Arc Search for Android (window.open race condition)
Summary
Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1021 - Improper restriction of rendered UI layers or frames
Assigner
References
Impacted products
Vendor Product Version
The Browser Company of New York` Arc Search Unaffected: 0 , ≤ 1.12.8 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-12348",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T15:03:19.951325Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T15:03:25.893Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Android"
          ],
          "product": "Arc Search",
          "vendor": "The Browser Company of New York`",
          "versions": [
            {
              "lessThanOrEqual": "1.12.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing.\u003cbr\u003e"
            }
          ],
          "value": "Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Address bar spoofing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021 Improper restriction of rendered UI layers or frames",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T19:54:06.194Z",
        "orgId": "59469e6c-7ea7-446f-8e43-06aa32c115e8",
        "shortName": "BCNY"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/3705306"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Address Bar Spoofing in Arc Search for Android (window.open race condition)",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "59469e6c-7ea7-446f-8e43-06aa32c115e8",
    "assignerShortName": "BCNY",
    "cveId": "CVE-2026-12348",
    "datePublished": "2026-06-16T19:54:06.194Z",
    "dateReserved": "2026-06-15T20:22:24.728Z",
    "dateUpdated": "2026-06-17T15:03:25.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10733 (GCVE-0-2026-10733)

Vulnerability from cvelistv5 – Published: 2026-06-11 10:19 – Updated: 2026-06-11 12:40
VLAI
Title
Improper Restriction of Rendered UI Layers or Frames in GitLab
Summary
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause denial of service on the CI/CD Catalog page due to improper sanitization.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Affected: 17.0 , < 18.10.8 (semver)
Affected: 18.11 , < 18.11.5 (semver)
Affected: 19.0 , < 19.0.2 (semver)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
This vulnerability has been discovered internally by GitLab team member Miguel Jimeno
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10733",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-11T12:40:15.077741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-11T12:40:20.729Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.10.8",
              "status": "affected",
              "version": "17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "18.11.5",
              "status": "affected",
              "version": "18.11",
              "versionType": "semver"
            },
            {
              "lessThan": "19.0.2",
              "status": "affected",
              "version": "19.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability has been discovered internally by GitLab team member Miguel Jimeno"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause denial of service on the CI/CD Catalog page due to improper sanitization."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-11T10:19:27.101Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/600446"
        },
        {
          "url": "https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 18.10.8, 18.11.5, 19.0.2 or above."
        }
      ],
      "title": "Improper Restriction of Rendered UI Layers or Frames in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-10733",
    "datePublished": "2026-06-11T10:19:27.101Z",
    "dateReserved": "2026-06-03T12:34:00.436Z",
    "dateUpdated": "2026-06-11T12:40:20.729Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Implementation
  • The use of X-Frame-Options allows developers of web content to restrict the usage of their application within the form of overlays, frames, or iFrames. The developer can indicate from which domains can frame the content.
  • The concept of X-Frame-Options is well documented, but implementation of this protection mechanism is in development to cover gaps. There is a need for allowing frames from multiple domains.
Mitigation
Implementation
  • A developer can use a "frame-breaker" script in each page that should not be framed. This is very helpful for legacy browsers that do not support X-Frame-Options security feature previously mentioned.
  • It is also important to note that this tactic has been circumvented or bypassed. Improper usage of frames can persist in the web application through nested frames. The "frame-breaking" script does not intuitively account for multiple nested frames that can be presented to the user.
Mitigation
Implementation

This defense-in-depth technique can be used to prevent the improper usage of frames in web applications. It prioritizes the valid sources of data to be loaded into the application through the usage of declarative policies. Based on which implementation of Content Security Policy is in use, the developer should use the "frame-ancestors" directive or the "frame-src" directive to mitigate this weakness. Both directives allow for the placement of restrictions when it comes to allowing embedded content.

Mitigation
Implementation

In addition to frames or iframes as previously mentioned, the web application is expected to place restrictions on whether it is allowed to be rendered within objects, embed, or applet elements.

CAPEC-103: Clickjacking

An adversary tricks a victim into unknowingly initiating some action in one system while interacting with the UI from a seemingly completely different, usually an adversary controlled or intended, system.

CAPEC-181: Flash File Overlay

An attacker creates a transparent overlay using flash in order to intercept user actions for the purpose of performing a clickjacking attack. In this technique, the Flash file provides a transparent overlay over HTML content. Because the Flash application is on top of the content, user actions, such as clicks, are caught by the Flash application rather than the underlying HTML. The action is then interpreted by the overlay to perform the actions the attacker wishes.

CAPEC-222: iFrame Overlay

In an iFrame overlay attack the victim is tricked into unknowingly initiating some action in one system while interacting with the UI from seemingly completely different system.

CAPEC-504: Task Impersonation

An adversary, through a previously installed malicious application, impersonates an expected or routine task in an attempt to steal sensitive information or leverage a user's privileges.

CAPEC-506: Tapjacking

An adversary, through a previously installed malicious application, displays an interface that misleads the user and convinces them to tap on an attacker desired location on the screen. This is often accomplished by overlaying one screen on top of another while giving the appearance of a single interface. There are two main techniques used to accomplish this. The first is to leverage transparent properties that allow taps on the screen to pass through the visible application to an application running in the background. The second is to strategically place a small object (e.g., a button or text field) on top of the visible screen and make it appear to be a part of the underlying application. In both cases, the user is convinced to tap on the screen but does not realize the application that they are interacting with.

CAPEC-587: Cross Frame Scripting (XFS)

This attack pattern combines malicious Javascript and a legitimate webpage loaded into a concealed iframe. The malicious Javascript is then able to interact with a legitimate webpage in a manner that is unknown to the user. This attack usually leverages some element of social engineering in that an attacker must convinces a user to visit a web page that the attacker controls.

CAPEC-654: Credential Prompt Impersonation

An adversary, through a previously installed malicious application, impersonates a credential prompt in an attempt to steal a user's credentials.