CWE-1021

Total CVEs: 68
Critical: 3
High: 28
Avg CVSS: 6.4

Yearly Trend

2026: 9
2025: 28
2024: 15
2023: 2
2022: 4

Top Affected Vendors

1. Google: 23
2. Mozilla: 7
3. IBM: 4
4. Huawei: 3
5. GitLab: 2
6. Sick: 2
7. Wegia: 1
8. XWiki: 1
9. Ruoyi: 1
10. FreshRSS: 1

All CWE-1021 CVEs (68)

CVE-2021-23274
9.8

This CVE describes a clickjacking vulnerability in TIBCO API Exchange Gateway's Config UI component that allows unauthenticated attackers with network...

Mar 23, 2021
CVE-2021-21132
9.6

This vulnerability in Chrome DevTools allowed malicious Chrome extensions to escape the browser's security sandbox. Attackers could potentially execut...

Feb 9, 2021
CVE-2024-10004
9.1

This vulnerability in Firefox for iOS causes the browser to incorrectly display an HTTPS padlock icon when opening an external HTTP link after the app...

Oct 15, 2024
CVE-2023-41897
8.8

This vulnerability in Home Assistant allows attackers to perform clickjacking attacks by tricking users into clicking malicious elements on a page. Th...

Oct 19, 2023
CVE-2021-3734
8.8

CVE-2021-3734 is a clickjacking vulnerability in YOURLS URL shortener software that allows attackers to overlay malicious UI elements over legitimate ...

Aug 26, 2021
CVE-2024-11700
8.1

This CVE describes a tapjacking vulnerability in Firefox and Thunderbird where malicious websites could trick users into approving external applicatio...

Nov 26, 2024
CVE-2024-7523
8.1

This vulnerability allows malicious websites to partially obscure security permission prompts in Firefox for Android, potentially tricking users into ...

Aug 6, 2024
CVE-2024-33377
8.1

This clickjacking vulnerability in LB-LINK BL-W1210M routers allows attackers to trick authenticated administrators into performing unintended actions...

Jun 14, 2024
CVE-2025-48597
7.8

This CVE describes a tapjacking/overlay vulnerability in Android that allows attackers to trick users into granting permissions without their knowledg...

Dec 8, 2025
CVE-2025-32349
7.8

This CVE describes a tapjacking/overlay vulnerability in Android that allows malicious apps to draw over legitimate apps and intercept user taps, pote...

Sep 4, 2025
CVE-2024-34743
7.8

This vulnerability in Android's SurfaceFlinger component allows local privilege escalation through tapjacking due to a logic error. Attackers can expl...

Aug 15, 2024
CVE-2022-20443
7.8

This CVE describes a tapjacking/overlay vulnerability in Android's Layer.cpp that allows malicious apps to bypass user interaction requirements. Attac...

Jun 28, 2023
CVE-2021-1036
7.8

CVE-2021-1036 is a tapjacking vulnerability in Android's LocationSettingsActivity that allows malicious apps to overlay deceptive UI elements on legit...

Jan 14, 2022
CVE-2021-1039
7.8

This vulnerability allows local attackers to perform a tapjacking/overlay attack on Android's notification access activity, potentially gaining elevat...

Dec 15, 2021
CVE-2021-0586
7.8

This CVE describes a tapjacking vulnerability in Android's Bluetooth device picker interface. Attackers can overlay malicious UI elements to trick use...

Jul 14, 2021
CVE-2025-15032
7.4

This vulnerability in Dia browser on macOS allows attackers to create custom-sized windows without the 'about:blank' indicator, enabling them to spoof...

Jan 16, 2026
CVE-2025-13132
7.4

This vulnerability allows malicious websites to enter fullscreen mode without displaying the standard browser notification, potentially tricking users...

Nov 21, 2025
CVE-2022-22807
7.4

This clickjacking vulnerability allows attackers to trick users into performing unintended actions on the EcoStruxure EV Charging Expert web interface...

Feb 9, 2022
CVE-2025-48639
7.3

This CVE describes a tapjacking/overlay vulnerability in Android's DefaultTransitionHandler that allows malicious apps to trick users into granting pe...

Dec 8, 2025
CVE-2025-22417
7.3

This CVE describes a tapjacking/overlay vulnerability in Android's Transition framework that allows malicious apps to bypass touch filtering restricti...

Sep 2, 2025
CVE-2025-22419
7.3

This CVE describes a tapjacking/overlay vulnerability in Android's Telephony service that could trick users into enabling malicious call forwarding. A...

Sep 2, 2025
CVE-2024-31324
7.3

This Android vulnerability allows attackers to bypass tapjacking/overlay protection by manipulating screen orientation during activity launches. It en...

Jul 9, 2024
CVE-2021-39691
7.3

This CVE describes a tapjacking vulnerability in Android's WindowManager that allows malicious apps to overlay deceptive UI elements over legitimate a...

Jun 15, 2022
CVE-2021-39796
7.3

This Android vulnerability allows malicious apps to trick users into installing harmful applications through a tapjacking/overlay attack. Attackers ca...

Apr 12, 2022
CVE-2021-1016
7.3

This vulnerability allows malicious apps to trick users into granting USB access permissions without their informed consent through a tapjacking/overl...

Dec 15, 2021
CVE-2021-0583
7.3

This CVE describes a tapjacking/overlay vulnerability in Android's Bluetooth pairing dialog that allows malicious apps to trick users into enabling Bl...

Oct 11, 2021
CVE-2021-0598
7.3

This vulnerability allows attackers to trick users into pairing with malicious Bluetooth devices through a tapjacking/overlay attack. It affects Andro...

Oct 6, 2021
CVE-2021-0538
7.3

This vulnerability allows attackers to trick users into tapping on malicious overlays that exit emergency callback mode, potentially enabling local pr...

Jun 22, 2021
CVE-2025-1940
7.1

This vulnerability allows attackers to partially obscure confirmation prompts in Firefox for Android, tricking users into launching external apps unex...

Mar 4, 2025
CVE-2024-55888
7.1

Hush Line whistleblower management systems running versions 0.1.0 through 0.3.4 lack Content Security Policy and security headers, allowing attackers ...

Dec 12, 2024
CVE-2021-0963
7.1

This Android vulnerability allows malicious apps to trick users into granting certificate access via tapjacking/overlay attacks. Attackers can use thi...

Dec 15, 2021
CVE-2024-7404
6.8

This vulnerability in GitLab's Device OAuth flow allows an attacker to gain full API access as another user through cross-window forgery. It affects G...

Nov 14, 2024
CVE-2024-2177
6.8

A Cross Window Forgery vulnerability in GitLab CE/EE allows attackers to manipulate the OAuth authentication flow via crafted payloads, potentially en...

Jul 9, 2024
CVE-2025-59950
6.7

This vulnerability in FreshRSS allows attackers to trick administrators into promoting unauthorized users to admin privileges through a double clickja...

Sep 30, 2025
CVE-2025-25213
6.5

This vulnerability allows clickjacking attacks on Wi-Fi AP UNIT 'AC-WPS-11ac series' devices. Attackers can trick authenticated users into clicking ma...

Apr 9, 2025
CVE-2024-7518
6.5

This vulnerability allows malicious websites to obscure the fullscreen notification dialog in Firefox and Thunderbird, enabling spoofing attacks where...

Aug 6, 2024
CVE-2025-36149
6.3

IBM Concert Software versions 1.0.0 through 2.0.0 contain a clickjacking vulnerability (CWE-1021) that allows remote attackers to hijack user clicks. ...

Nov 21, 2025
CVE-2024-54110
6.2

This CVE describes a cross-process screen stack vulnerability in Huawei's UIExtension module that could allow unauthorized access to screen content ac...

Dec 12, 2024
CVE-2026-26000
6.1

This vulnerability in XWiki Platform allows attackers to inject malicious CSS through comments, which can transform the entire wiki interface into a c...

Feb 12, 2026
CVE-2025-52987
6.1

A clickjacking vulnerability in Juniper Networks Paragon Automation web portal allows attackers to embed the interface in malicious frames and trick u...

Jan 15, 2026
CVE-2025-59479
6.1

This vulnerability in CHOCO TEI WATCHER mini (IB-MCT001) allows clickjacking attacks where malicious web content can trick users into performing unint...

Dec 16, 2025
CVE-2025-1494
6.1

This clickjacking vulnerability in IBM Cognos Command Center allows attackers to trick users into clicking malicious elements by overlaying transparen...

Aug 26, 2025
CVE-2025-31138
5.5

This vulnerability in tarteaucitron.js allows attackers with direct access to website source code or CMS plugins to inject malicious CSS values for el...

Apr 7, 2025
CVE-2024-56436
5.5

This CVE describes a cross-process screen stack vulnerability in Huawei's UIExtension module that could allow unauthorized access to screen content ac...

Jan 8, 2025
CVE-2024-54112
5.5

This CVE describes a cross-process screen stack vulnerability in Huawei's UIExtension module that could allow unauthorized access to screen content ac...

Dec 12, 2024
CVE-2024-43084
5.5

This CVE describes a confused deputy vulnerability in Android's visitUris function that allows local information disclosure without user interaction. ...

Nov 13, 2024
CVE-2025-30191
5.4

This CVE describes a redressing attack vulnerability where malicious email content can trick users into performing unintended actions or disclosing se...

Oct 31, 2025
CVE-2024-49796
5.4

IBM ApplinX 11.1 contains a clickjacking vulnerability that allows attackers to hijack user clicks by tricking victims into visiting malicious website...

Feb 6, 2025
CVE-2024-11695
5.4

This vulnerability allows attackers to craft URLs with Arabic script and whitespace characters to hide the true origin of web pages, enabling spoofing...

Nov 26, 2024
CVE-2025-1018
5.3

This vulnerability allows attackers to hide the fullscreen notification in Firefox and Thunderbird by rapidly requesting fullscreen mode, enabling pot...

Feb 4, 2025

About CWE-1021

Our database tracks 68 CVEs classified as CWE-1021, with 3 rated critical and 28 rated high severity. The average CVSS score for CWE-1021 vulnerabilities is 6.4.
