Lucene search
+L

46 matches found

cvelist
cvelist
added 2026/07/08 7:32 p.m.35 views

CVE-2026-53624 Fiber: HSTS header never set in helmet middleware due to incorrect protocol check

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...

4.8CVSS0.00207EPSS
Exploits1References4
osv
osv
added 2026/07/08 7:32 p.m.3 views

CVE-2026-53624 Fiber: HSTS header never set in helmet middleware due to incorrect protocol check

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...

4.8CVSS6.1AI score0.00207EPSS
Exploits1References6
cve
cve
added 2026/07/08 7:32 p.m.8 views

CVE-2026-53624

CVE-2026-53624 (Fiber Go) : The helmet middleware fails to set the Strict-Transport-Security header before version 3.4.0 because it checks c.Protocol() for

4.8CVSS6AI score0.00207EPSS
Exploits1References4Affected Software1
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.8 views

PT-2026-56054

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.4.0 Description The helmet middleware in the Fiber web framework fails to set the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is configured. This occurs because the logic in...

4.8CVSS6AI score0.00207EPSS
Exploits1References7
osv
osv
added 2026/02/03 7:16 p.m.6 views

CVE-2025-52631

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security HSTS Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0...

8.1CVSS5.8AI score0.00199EPSS
Exploits0References1
nvd
nvd
added 2026/02/03 7:16 p.m.12 views

CVE-2025-52631

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security HSTS Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0...

8.1CVSS0.00199EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/02/03 6:16 p.m.5 views

CVE-2025-52631 HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability.

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security HSTS Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0...

3.7CVSS5.4AI score0.00199EPSS
Exploits0References1
euvd
euvd
added 2026/02/03 6:16 p.m.8 views

EUVD-2025-206680

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security HSTS Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0...

3.7CVSS5.4AI score0.00199EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-14861

Malware in sbrugna...

6.5CVSS6.6AI score0.00997EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-14859

Malware in sbrugna...

5.8CVSS5.5AI score0.00974EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-36986

Malicious code in bioql PyPI...

5.3CVSS5.8AI score0.00875EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-37424

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00366EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/05/22 9:54 p.m.11 views

CVE-2022-34469

When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. This bug...

8.8CVSS8.8AI score0.00366EPSS
Exploits0References1
osv
osv
added 2024/11/06 8:15 a.m.7 views

AZL-52426 CVE-2024-9681 affecting package mysql for versions less than 8.0.40-3

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

6.5CVSS6.7AI score0.0197EPSS
Exploits1References1
openvas
openvas
added 2024/03/04 12:0 a.m.25 views

openSUSE: Security Advisory for qt6 (SUSE-SU-2023:3380-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.01287EPSS
Exploits0References2
citrix
citrix
added 2023/08/16 12:0 a.m.13 views

How to delete duplicate HSTS header

Explain how to eliminate the duplicate HSTS header Duplicated header HSTS Why? it could come from a backend server, and also being applied from the ADC Vserver configuration, so we need to decide which header to keep. In this case, the client wants to delete the HSTS header coming from the server...

7AI score
Exploits0
nessus
nessus
added 2023/08/09 12:0 a.m.26 views

SUSE SLED15: libQt6Concurrent6 / libQt6Core6 / libQt6DBus6 / libQt6Gui6 / etc (SUSE-SU-2023:3225-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3225-1 advisory. - CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a...

7.5CVSS6.7AI score0.0132EPSS
Exploits0References16
osv
osv
added 2023/07/28 7:26 p.m.5 views

SUSE-SU-2023:3018-1 Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: - CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate bsc1211994. - CVE-2023-33285: Fixed buffer overflow in QDnsLookup bsc1211642. - CVE-2023-32762: Fixed Qt...

7.5CVSS7AI score0.0132EPSS
Exploits0References11
osv
osv
added 2023/07/01 11:5 a.m.3 views

OESA-2023-1387 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established,...

7.5CVSS7.4AI score0.01287EPSS
Exploits0References3
veracode
veracode
added 2023/06/04 7:34 p.m.43 views

Insecure Handling Of Strict-Transport-Security Header

qt6-qtbase is vulnerable to Insecure Handling of Strict-Transport-Security Header. The vulnerability occurs because Qt Network incorrectly parses the Strict-Transport-Security HSTS header, which can result in unencrypted connections being established even when the server explicitly prohibits them...

5.3CVSS6.8AI score0.00875EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder