Total
317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2407 | 1 Opera | 1 Opera Browser | 2025-04-03 | 5.1 MEDIUM | N/A |
| A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking". | |||||
| CVE-2022-20213 | 1 Google | 1 Android | 2025-04-02 | N/A | 5.5 MEDIUM |
| In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508 | |||||
| CVE-2023-20913 | 1 Google | 1 Android | 2025-04-02 | N/A | 7.8 HIGH |
| In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785 | |||||
| CVE-2022-20215 | 1 Google | 1 Android | 2025-04-02 | N/A | 5.5 MEDIUM |
| In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183794206 | |||||
| CVE-2025-1917 | 1 Google | 2 Android, Chrome | 2025-04-01 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-1923 | 1 Google | 1 Chrome | 2025-04-01 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | |||||
| CVE-2022-20214 | 1 Google | 1 Android | 2025-04-01 | N/A | 4.7 MEDIUM |
| In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210 | |||||
| CVE-2024-4950 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-28 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-1550 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-03-27 | N/A | 6.1 MEDIUM |
| A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. | |||||
| CVE-2024-9397 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-03-18 | N/A | 6.1 MEDIUM |
| A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | |||||
| CVE-2024-31324 | 1 Google | 1 Android | 2025-03-15 | N/A | 7.3 HIGH |
| In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-7523 | 1 Mozilla | 1 Firefox | 2025-03-14 | N/A | 8.1 HIGH |
| A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129. | |||||
| CVE-2024-40817 | 1 Apple | 2 Macos, Safari | 2025-03-14 | N/A | 6.1 MEDIUM |
| The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing. | |||||
| CVE-2024-5698 | 1 Mozilla | 1 Firefox | 2025-03-14 | N/A | 6.1 MEDIUM |
| By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127. | |||||
| CVE-2024-43084 | 1 Google | 1 Android | 2025-03-13 | N/A | 5.5 MEDIUM |
| In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2021-29827 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-03-12 | N/A | 5.2 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | |||||
| CVE-2024-1890 | 1 Sma | 2 Sunny Webbox, Sunny Webbox Firmware | 2025-03-11 | N/A | 6.4 MEDIUM |
| Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier. | |||||
| CVE-2024-2613 | 1 Mozilla | 1 Firefox | 2025-02-25 | N/A | 7.5 HIGH |
| Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124. | |||||
| CVE-2025-24874 | 2025-02-18 | N/A | 6.8 MEDIUM | ||
| SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header in favor of the frame-ancestors CSP directive. Hence, clickjacking could become possible then, and lead to exposure and modification of sensitive information. | |||||
| CVE-2024-49796 | 1 Ibm | 1 Applinx | 2025-02-13 | N/A | 5.4 MEDIUM |
| IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | |||||