CVEs classified under CWE-1021, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2021-43048 — CVSS 9.8 (critical): The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically…
CVE-2021-23274 — CVSS 9.8 (critical): The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver…
CVE-2016-2496 — CVSS 9.8 (critical): The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and…
CVE-2021-21132 — CVSS 9.6 (critical): Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox…
CVE-2021-21111 — CVSS 9.6 (critical): Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a…
CVE-2024-10004 — CVSS 9.1 (critical): Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in…
CVE-2023-41897 — CVSS 8.8 (high): Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the…
CVE-2022-3167 — CVSS 8.8 (high): Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1.
CVE-2021-22866 — CVSS 8.8 (high): A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub…
CVE-2018-18496 — CVSS 8.8 (high): When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a…
CVE-2026-0007 — CVSS 8.6 (high): In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack…
CVE-2021-44683 — CVSS 8.2 (high): The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a…
CVE-2019-16371 — CVSS 8.2 (high): LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a…
CVE-2024-11700 — CVSS 8.1 (high): Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly…
CVE-2024-7523 — CVSS 8.1 (high): A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions…
CVE-2024-33377 — CVSS 8.1 (high): LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim…
CVE-2021-23976 — CVSS 8.1 (high): When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed…
CVE-2021-0433 — CVSS 8.0 (high): In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a…
CVE-2026-28577 — CVSS 7.8 (high): In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to…
CVE-2026-0036 — CVSS 7.8 (high): In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to…
CVE-2025-48597 — CVSS 7.8 (high): In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could…
CVE-2025-32350 — CVSS 7.8 (high): In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a…
CVE-2025-32349 — CVSS 7.8 (high): In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. This could lead to local escalation of…
CVE-2024-34743 — CVSS 7.8 (high): In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could…
CVE-2024-31323 — CVSS 7.8 (high): In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could…
CVE-2022-20443 — CVSS 7.8 (high): In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack. This could…
CVE-2023-20913 — CVSS 7.8 (high): In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious…
CVE-2022-20520 — CVSS 7.8 (high): In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of…
CVE-2022-20331 — CVSS 7.8 (high): In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. This could lead…
CVE-2022-20212 — CVSS 7.8 (high): In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to…
CVE-2021-39702 — CVSS 7.8 (high): In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval…
CVE-2021-39692 — CVSS 7.8 (high): In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay…
CVE-2021-39669 — CVSS 7.8 (high): In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a…
CVE-2021-1036 — CVSS 7.8 (high): In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local…
CVE-2021-1040 — CVSS 7.8 (high): In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local…
CVE-2021-1039 — CVSS 7.8 (high): In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local…
CVE-2021-0603 — CVSS 7.8 (high): In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a…
CVE-2021-0586 — CVSS 7.8 (high): In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a…
CVE-2021-0487 — CVSS 7.8 (high): In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a…
CVE-2021-0438 — CVSS 7.8 (high): In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an…
CVE-2021-0386 — CVSS 7.8 (high): In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local…
CVE-2021-0391 — CVSS 7.8 (high): In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due…
CVE-2021-0305 — CVSS 7.8 (high): In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of…
CVE-2021-0302 — CVSS 7.8 (high): In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of…
CVE-2020-27059 — CVSS 7.8 (high): In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an…
CVE-2020-0366 — CVSS 7.8 (high): In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of…
CVE-2020-0394 — CVSS 7.8 (high): In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to…
CVE-2020-0051 — CVSS 7.8 (high): In onCreate of SettingsHomepageActivity, there is a possible tapjacking attack. This could lead to local escalation of privilege in…
CVE-2018-9524 — CVSS 7.8 (high): In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local…