Lucene search
K

106 matches found

CVE
CVE
added 2025/05/26 12:0 p.m.52 views

CVE-2025-5184

CVE-2025-5184 affects Summer Pearl Group Vacation Rental Management Platform up to version 1.0.1. The vulnerability lies in the HTTP Response Header Handler component, where manipulation leads to information disclosure. The issue is exploitable remotely without user interaction. Upgrading to vers...

7.5CVSS4.5AI score0.00316EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/26 12:0 p.m.10 views

CVE-2025-5184 Summer Pearl Group Vacation Rental Management Platform HTTP Response Header information disclosure

A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP Response Header Handler. The manipulation leads to information disclosure. It is possible to launch the...

5.3CVSS4.5AI score0.00316EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:7 a.m.13 views

CVE-2024-27713

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component...

8.8CVSS7.3AI score0.00557EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:19 p.m.7 views

CVE-2021-21743

ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request...

4.3CVSS6.7AI score0.00823EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:19 p.m.8 views

CVE-2021-21445

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attack...

5.4CVSS6.1AI score0.00635EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:8 a.m.8 views

CVE-2019-19002

For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting...

6.3CVSS6.7AI score0.00793EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:35 a.m.5 views

CVE-2019-19090

For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping...

3.5CVSS6.8AI score0.00517EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:14 a.m.9 views

CVE-2005-2861

Cross-site scripting XSS vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report...

4.3CVSS6AI score0.01271EPSS
Exploits1References1
NVD
NVD
added 2025/03/27 3:16 p.m.16 views

CVE-2025-30221

Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available...

4.3CVSS0.00269EPSS
Exploits0References2
OSV
OSV
added 2025/03/27 2:46 p.m.8 views

CVE-2025-30221 Pitchfork HTTP Request/Response Splitting vulnerability

Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available...

4.3CVSS4.8AI score0.00269EPSS
Exploits0References4
NVD
NVD
added 2025/01/12 10:15 p.m.23 views

CVE-2024-42179

HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API∕2.0 as the server's name & version...

2.7CVSS0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/12 9:46 p.m.12 views

CVE-2024-42179 HCL MyXalytics is affected by sensitive information disclosure vulnerability

HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API∕2.0 as the server's name & version...

2CVSS6.4AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/12 9:46 p.m.19 views

CVE-2024-42179 HCL MyXalytics is affected by sensitive information disclosure vulnerability

HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API∕2.0 as the server's name & version...

2CVSS0.0022EPSS
Exploits0References1
NVD
NVD
added 2024/07/05 5:15 p.m.23 views

CVE-2024-27713

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component...

8.8CVSS0.00557EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/05 12:0 a.m.23 views

CVE-2024-27713

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component...

0.00557EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/05 12:0 a.m.14 views

CVE-2024-27713

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component...

7.2AI score0.00557EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/30 12:55 p.m.8 views

CVE-2024-2377

A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information...

7.6CVSS6.8AI score0.00205EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/30 12:0 a.m.3 views

Hitachi Energy SDM600 安全漏洞

Hitachi Energy SDM600 is a system data manager from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Energy SDM600, which arises from an overly liberal HTTP response header web server setting that allows an attacker to perform privileged operations and access sensitive...

7.6CVSS6.7AI score0.00205EPSS
Exploits0References2
NVD
NVD
added 2024/02/26 4:27 p.m.14 views

CVE-2024-23839

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.requestheader or http.responseheader keyword. The vulnerability has been...

8.1CVSS7AI score0.00784EPSS
Exploits0References5
OSV
OSV
added 2024/02/26 3:48 p.m.27 views

CVE-2024-23839 Suricata http: heap use after free with http.request_header and http.response_header keywords

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.requestheader or http.responseheader keyword. The vulnerability has been...

7.1CVSS7.2AI score0.00784EPSS
Exploits0References7
Rows per page
Query Builder