CWE-1021 vulnerabilities

189 results
CVE-2025-30191 | MEDIUM | Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sens | EPSS 0.2%
CVE-2026-20645 | MEDIUM | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS | EPSS 0.2%
CVE-2026-8022 | LOW | Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in sp | EPSS 0.2%
CVE-2026-3254 | LOW | Improper Restriction of Rendered UI Layers or Frames in GitLab | EPSS 0.2%
CVE-2025-36149 | MEDIUM | IBM Concert Software clickjacking | EPSS 0.2%
CVE-2026-21785 | MEDIUM | HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy | EPSS 0.1%
CVE-2025-65922 | MEDIUM | PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While | EPSS 0.1%
CVE-2026-44727 | CRITICAL | Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP | EPSS 0.1%
CVE-2022-20501 | HIGH | In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due | EPSS 0.1%
CVE-2022-33723 | MEDIUM | A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwant | EPSS 0.1%
CVE-2022-20553 | MEDIUM | In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This c | EPSS 0.1%
CVE-2022-33727 | MEDIUM | A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwa | EPSS 0.1%
CVE-2022-20213 | MEDIUM | In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local | EPSS 0.1%
CVE-2022-20215 | MEDIUM | In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to loc | EPSS 0.1%
CVE-2023-20913 | HIGH | In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious ph | EPSS 0.1%
CVE-2025-62316 | LOW | HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured | EPSS 0.1%
CVE-2024-31324 | HIGH | In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode firs | EPSS 0.1%
CVE-2022-20442 | HIGH | In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level < 23 due to a | EPSS 0.1%
CVE-2024-43084 | MEDIUM | In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information di | EPSS 0.1%
CVE-2026-0007 | HIGH | In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. | EPSS 0.1%