
63 matches found

CVE
added 2025/10/10 9:55 a.m., 15 views

CVE-2025-52630

CVE-2025-52630 affects HCL AION (AION: 2.0). The connected sources describe an information disclosure vulnerability caused by a missing or insecure X-Content-Type-Options header, enabling an unauthorized actor to obtain credentials or system information. Public documents attribute this to HCL AIO...

CVSS 7.5, AI score 6.5, EPSS 0.00216
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2025/10/10 12:0 a.m., 3 views

HCL AION Security Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability due to a missing or insecure "X-Content-Type-Options" header flaw. An attacker could exploit this vulnerability to obtain credentials or system information...

CVSS 7.5, AI score 6.1, EPSS 0.00216
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-25826

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.00383
Exploits: 0, References: 1
OSV
added 2025/09/01 3:15 p.m., 2 views

CVE-2025-33084

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...

CVSS 5.9, AI score 6.4
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 3:36 a.m., 17 views

CVE-2023-2848

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...

CVSS 8.8, AI score 6.7, EPSS 0.00309
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 8:39 p.m., 2 views

CVE-2021-26924

An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header...

CVSS 6.1, AI score 6.4, EPSS 0.0071
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 9:3 a.m., 7 views

CVE-2019-19089

For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text...

CVSS 6.1, AI score 7.4, EPSS 0.01047
Exploits: 0, References: 1
RedhatCVE
added 2025/05/21 9:37 p.m., 3 views

CVE-2008-5421

The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing...

CVSS 5, AI score 7.1, EPSS 0.01435
Exploits: 1, References: 1
OSV
added 2025/04/07 4:37 p.m., 2 views

GHSA-Q7G5-JQ6P-6WVX Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value

Impact: Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP response (401) is returned, the message will be...

CVSS 6.5, AI score 5.9, EPSS 0.00272
Exploits: 0, References: 4
CNNVD
added 2024/12/20 12:0 a.m., 3 views

JetBrains TeamCity Cross-Site Scripting Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...

CVSS 5.4, AI score 6.4, EPSS 0.00752
Exploits: 0, References: 2
RedHat Linux
added 2024/08/14 1:27 a.m., 0 views

kernel: wifi: cfg80211: check A-MSDU format more carefully

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make this a bit more...

CVSS 7.1, AI score 6.7, EPSS 0.00233
Exploits: 0, References: 5
Vulnrichment
added 2024/07/18 7:17 p.m., 10 views

CVE-2024-30126 HCL BigFix Compliance is affected by a missing X-Frame-Options Header vulnerability

HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge...

CVSS 4.7, AI score 6.8, EPSS 0.00207
Exploits: 0, References: 1
OSV
added 2024/02/02 9:15 p.m., 2 views

CVE-2024-23553

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific HTTP header attribute...

CVSS 5.4, AI score 5.7, EPSS 0.00255
Exploits: 0, References: 1
CNNVD
added 2024/02/02 12:0 a.m., 3 views

HCL Technologies HCL BigFix Platform Cross-Site Scripting Vulnerability

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Platform due to a missing specific...

CVSS 5.4, AI score 6, EPSS 0.00255
Exploits: 0, References: 2
CNNVD
added 2023/12/12 12:0 a.m., 2 views

Red Hat stackrox Security Vulnerabilities

Red Hat stackrox is a full lifecycle Kubernetes security solution from Red Hat. It allows you to detect, manage, and mitigate security risks, such as misconfigurations and vulnerabilities (CVEs). A security vulnerability exists in Red Hat stackrox that stems from a missing HTTP header, leading to ...

CVSS 6.1, AI score 6.8, EPSS 0.00533
Exploits: 0, References: 4
NVD
added 2023/09/14 12:15 p.m., 8 views

CVE-2023-2848

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...

CVSS 8.8, AI score 8.3, EPSS 0.00309
Exploits: 0, References: 3
UbuntuCve
added 2023/09/14 12:15 p.m., 15 views

CVE-2023-2848

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...

CVSS 8.8, AI score 7.2, EPSS 0.00309
Exploits: 0, References: 4
OSV
added 2023/09/14 12:15 p.m., 0 views

UBUNTU-CVE-2023-2848

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...

CVSS 8.8, AI score 5.8, EPSS 0.00309
Exploits: 0, References: 5
Vulnrichment
added 2023/09/14 11:36 a.m., 6 views

CVE-2023-2848

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...

CVSS 8, AI score 6.7, EPSS 0.00309
Exploits: 0, References: 3
CNNVD
added 2023/09/14 12:0 a.m., 2 views

Movim Access Control Error Vulnerability

Movim is a syndicated blogging and chat platform that acts as a web front end for the XMPP protocol. A security vulnerability exists in Movim versions prior to 0.22Z, which stems from a lack of header validation, leading to a cross-site WebSocket hijacking issue...

CVSS 8.8, AI score 6.6, EPSS 0.00309
Exploits: 0, References: 4