Lucene search
K

79 matches found

RedhatCVE
RedhatCVE
added 2026/02/24 10:42 p.m.8 views

CVE-2026-27511

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

5.1CVSS5.4AI score0.00207EPSS
Exploits1References1
CVE
CVE
added 2026/02/23 8:44 p.m.23 views

CVE-2025-68930

Traccar open-source GPS tracking system versions up to 6.11.1 are affected by a Cross-Site WebSocket Hijacking (CSWSH) in the /api/socket endpoint. The vulnerability arises from the application not validating the Origin header during the WebSocket handshake, allowing an attacker to bypass Same-Or...

7.1CVSS5.5AI score0.00541EPSS
Exploits4References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.12 views

PT-2026-21530

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The administrative interface of the software lacks the X-Content-Type-Options: nosniff header in responses and includes attacker-influenced content that can be...

6.1CVSS5.4AI score0.00183EPSS
Exploits0References4
CNVD
CNVD
added 2026/02/11 12:0 a.m.4 views

Unspecified Vulnerability in HCL AION (CNVD-2026-16402)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a missing or insecure HTTP Strict Transport Security header, which can be exploited by an attacker to cause a man-in-the-middle attack...

8.1CVSS5.8AI score0.00199EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-5906

Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description HCL AION is susceptible to a missing or insecure HTTP Strict-Transport-Security HSTS header. This can permit insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrad...

8.1CVSS5.4AI score0.00199EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/27 9:23 p.m.17 views

CVE-2026-24439

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...

6.5CVSS5.9AI score0.00169EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/26 5:48 p.m.5 views

CVE-2026-24439

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...

2.1CVSS5.9AI score0.00169EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/26 5:48 p.m.5 views

EUVD-2026-4674

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...

2.1CVSS5.9AI score0.00169EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.4 views

PT-2026-4803

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...

2.1CVSS5.9AI score0.00169EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/10 5:46 a.m.29 views

CVE-2026-22689 Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicio...

6.5CVSS0.00208EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/12/17 10:8 p.m.6 views

CVE-2025-68274

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...

8.7CVSS7.1AI score0.00487EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/16 10:2 p.m.5 views

EUVD-2025-203854

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...

8.7CVSS6.6AI score0.00487EPSS
Exploits1References2
OSV
OSV
added 2025/12/16 10:2 p.m.7 views

CVE-2025-68274 SIPGO library has response DoS vulnerability via nil pointer dereference

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...

8.7CVSS7AI score0.00487EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/12/16 9:24 p.m.10 views

SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference

Description A nil pointer dereference vulnerability was discovered in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. T...

8.7CVSS7AI score0.00487EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/12/16 9:24 p.m.4 views

GHSA-C623-F998-8HHV SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference

Description A nil pointer dereference vulnerability was discovered in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. T...

8.7CVSS6.9AI score0.00487EPSS
Exploits1References4
CVE
CVE
added 2025/11/20 7:10 p.m.15 views

CVE-2025-52667

CVE-2025-52667 affects Revive Adserver: missing JSON Content-Type header validation in a script leads to a stored XSS vulnerability for a logged-in manager user, affecting Revive Adserver 6.0.1, 5.5.2 and earlier. Connected sources (Red Hat, CNVD, NVD, OSV, HackerOne report) confirm XSS risk link...

5.4CVSS5.6AI score0.00319EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.5 views

Azure Access Technology BLU-IC2和Azure Access Technology BLU-IC4 安全漏洞

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a missing security header. No...

9.8CVSS6.5AI score0.00337EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/28 8:38 p.m.6 views

EUVD-2025-36558

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS6.2AI score0.00274EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/03 9:12 p.m.3 views

CVE-2025-61673 Karapace is vulnerable to Authentication Bypass

Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...

8.6CVSS6.7AI score0.0037EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.4 views

Karapace 访问控制错误漏洞

Karapace is an open source message queuing tool from Aiven Open. An access control error vulnerability exists in Karapace versions 5.0.0 and 5.0.1, which stems from skipping token validation logic when a request is missing the Authorization header, which could lead to unauthenticated users readin...

8.6CVSS6.5AI score0.0037EPSS
Exploits0References3
Rows per page
Query Builder