CWE-1021: CWE-1021
Yearly Trend
Top Affected Vendors
All CWE-1021 CVEs (68)
This vulnerability in NEC WebSAM DeploymentManager allows attackers to reset configurations or restart products via network requests when X-FRAME-OPTI...
Jan 21, 2025Dokploy versions before 0.26.6 are vulnerable to clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy's w...
Jan 28, 2026This vulnerability allows attackers to overlay malicious iFrames on top of legitimate Shopside application interfaces, potentially tricking users into...
Nov 19, 2025This CVE describes a user interface inconsistency vulnerability in Apple iOS and iPadOS that allows an attacker with physical access to a locked devic...
Feb 11, 2026This clickjacking vulnerability in Tenda F3 router's web interface allows malicious websites to embed the admin panel in invisible frames. An authenti...
Feb 23, 2026This CVE describes a clickjacking vulnerability in WeGIA web management software for charitable institutions. Attackers can embed WeGIA pages in malic...
Jan 16, 2026This CVE describes a clickjacking vulnerability where attackers can trick users into performing unintended actions on web interfaces, potentially lead...
Jan 15, 2026PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded in malicious iframes. This enables UI redr...
Jan 5, 2026This vulnerability allows attackers to spoof website domains in the Chrome toolbar on Android devices, potentially tricking users into believing they'...
Dec 12, 2025This CVE describes a clickjacking vulnerability in Akinsoft LimonDesk where attackers can overlay malicious iFrames on legitimate pages, tricking user...
Sep 3, 2025This vulnerability allows attackers to manipulate the login page interface layers improperly, potentially enabling UI-based attacks like clickjacking ...
Aug 18, 2025HAX CMS versions 11.0.12 and below (NodeJS) and 11.0.7 and below (PHP) lack X-Frame-Options headers, allowing attackers to embed the CMS login page an...
Jul 23, 2025This vulnerability in RuoYi's Image Source Handler allows attackers to bypass UI layer restrictions, potentially enabling unauthorized interface manip...
Jul 20, 2025This clickjacking vulnerability allows attackers to embed the web application in malicious frames, tricking users into clicking hidden elements. This ...
Jul 3, 2025This clickjacking vulnerability allows attackers to embed the vulnerable web application in an invisible frame and trick users into clicking malicious...
Jun 12, 2025This vulnerability allows attackers who convince users to install malicious Chrome extensions to perform UI spoofing attacks. The malicious extension ...
Mar 5, 2025This vulnerability allows attackers to spoof browser UI elements in Google Chrome on Android, potentially tricking users into interacting with malicio...
Mar 5, 2025This vulnerability in IBM Sterling B2B Integrator allows clickjacking attacks where malicious websites can embed the application's interface in hidden...
Jun 27, 2024About CWE-1021 (CWE-1021)
Our database tracks 68 CVEs classified as CWE-1021, with 3 rated critical and 28 rated high severity. The average CVSS score for CWE-1021 vulnerabilities is 6.4.
External reference: View CWE-1021 on MITRE CWE →
Monitor CWE-1021 Vulnerabilities
Get alerted when new CWE-1021 CVEs affect your infrastructure.
Start Monitoring Free