Threats Tagged 'cwe-1021'
View all threats tagged with 'cwe-1021'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cwe-1021'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-44727: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in jupyter-server jupyter_serverCVE-2026-44727 0 Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20. Join the discussion | CVE Database V5 | 06/22/2026, 19:56:56 UTC Added: 06/22/2026, 20:54:13 UTC |
CVE-2026-12348: CWE-1021 Improper restriction of rendered UI layers or frames in The Browser Company of New York` Arc SearchCVE-2026-12348 0 CVE-2026-12348 is a high-severity vulnerability in Arc Search for Android by The Browser Company of New York. It involves address bar spoofing where a remote attacker can make the browser display a trusted domain in the address bar while showing attacker-controlled content. This can enable phishing attacks by misleading users about the legitimacy of the website they are visiting. No specific affected versions or patches have been disclosed yet. Join the discussion | CVE Database V5 | 06/16/2026, 19:54:06 UTC Added: 06/16/2026, 20:45:37 UTC |
CVE-2024-13066: CWE-1021 Improper Restriction of Rendered UI Layers or Frames in Akinsoft LimonDeskCVE-2024-13066 0 Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking. This issue affects LimonDesk: from s1.02.14 before v1.02.17. Join the discussion | CVE Database V5 | 09/03/2025, 13:05:20 UTC Added: 06/01/2026, 13:03:46 UTC |
Showing 1 to 3 of 3 results