CVE-2026-40957
o CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a m
CVSS
7.5
Alto
EPSS
0.3%
p23
KEV
—
Exploit Today
7
0-100
Publicado: 15 jul 2026 · Última mod.: 16 jul 2026 · CWE-1021
0.3%EPSS · 30 días0.3%
2026-07-162026-07-17
o CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2021-416576.1 MED51.4%
——15SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.9dCVE-2026-585958.1 ALT37.6%
——11Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network.1dCVE-2026-374707.3 ALT24.5%
——7An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components13dCVE-2026-447275.4 MED13.4%
——4Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.3dCVE-2026-141104.3 MED9.4%
——3Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)15dCVE-2026-141425.4 MED7.0%
——2Inappropriate implementation in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)16d