Lucene search
+L

57 matches found

CVE
CVE
added 2026/02/26 7:57 a.m.20 views

CVE-2026-1696

CVE-2026-1696 describes a vulnerability where HTTP security headers are not properly set by the web server in responses to client applications. Affected component is the web server’s handling of security headers; root cause is misconfiguration or omission of headers in responses. Impact is descri...

6.1CVSS5.4AI score0.00143EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/01/28 12:1 a.m.7 views

EUVD-2026-4903

Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...

4.7CVSS5.9AI score0.00199EPSS
Exploits1References3
CVE
CVE
added 2026/01/16 7:50 p.m.16 views

CVE-2026-23731

CVE-2026-23731 affects the WeGIA web manager for charitable institutions. Prior to version 3.6.2, the application is vulnerable to clickjacking because it does not send framing protections: missing X-Frame-Options and an unconfigured Content-Security-Policy with frame-ancestors. An attacker could...

4.3CVSS6.2AI score0.00272EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/01/15 8:10 p.m.30 views

CVE-2025-52987 Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation Pathfinder, Planner, Insights due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting wit...

6.1CVSS0.00242EPSS
Exploits0References2
CVE
CVE
added 2026/01/15 8:10 p.m.25 views

CVE-2025-52987

CVE-2025-52987 is a clickjacking vulnerability in Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) caused by the web portal failing to set proper X-Frame-Options and X-Content-Type headers. Affected are all Paragon Automation versions prior to 24.1.1. Practical impact described...

6.1CVSS6.5AI score0.00242EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.7 views

Planka 安全漏洞

Planka is a Trello-like Kanban board built with React and Redux by Planka Open Source. A security vulnerability exists in Planka version 2.0.0, which stems from the missing X-Frame-Options and CSP frame-ancestors headers and could lead to a phishing attack...

4.3CVSS6.6AI score0.0014EPSS
Exploits0References3
CVE
CVE
added 2025/12/15 2:44 p.m.11 views

CVE-2025-34412

The CVE-2025-34412 entry, based on connected documents, concerns the Convercent Whistleblowing Platform (EQ S Group) with a browser/session handling protection mechanism failure. By default deployments omit critical HTTP security headers (Content-Security-Policy, Referrer-Policy, Permissions-Poli...

6.3AI score0.00075EPSS
Exploits0
Veracode
Veracode
added 2025/12/13 7:35 a.m.11 views

Improper Cache Control

tutor is vulnerable to Improper Cache Control. The vulnerability is due to the absence of proper cache-control HTTP headers and client-side session checks, which allows an attacker to access sensitive information through cached or improperly validated sessions...

3.3CVSS5.8AI score0.00199EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/02 5:59 p.m.4 views

CVE-2025-52622 HCL BigFix SaaS Remediate is affected by a security vulnerability

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...

5.4CVSS6AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-30146

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01052EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/09/09 12:46 a.m.31 views

curl: Confirmed Security Misconfigurations on curl.se (BREACH, Missing Security Headers, ETag Info Disclosure)

Summary: During a security assessment of curl.se, multiple misconfigurations were identified that led to information disclosure or weakened the security posture of the website. Affected version: Website: https://curl.se Tested on: 09-09-2025 curl version: curl/8.8.0 x8664-pc-linux-gnu Steps To...

4.3CVSS7.3AI score0.06581EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:19 a.m.6 views

CVE-2023-3140

Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...

4.3CVSS6.8AI score0.00402EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:1 a.m.6 views

CVE-2023-21659

Transient DOS in WLAN Firmware while processing frames with missing header fields...

7.5CVSS6.9AI score0.00383EPSS
Exploits0References1
NVD
NVD
added 2025/04/24 9:15 p.m.20 views

CVE-2023-37516

Missing "no cache" headers in HCL Leap permits user directory information to be cached...

3.2CVSS0.00138EPSS
Exploits0References1
OSV
OSV
added 2025/04/24 9:15 p.m.4 views

CVE-2024-30127

Missing "no cache" headers in HCL Leap permits sensitive data to be cached...

3.2CVSS5.8AI score0.00138EPSS
Exploits0References1
CVE
CVE
added 2025/04/24 8:35 p.m.53 views

CVE-2024-30127

CVE-2024-30127 concerns HCL Leap. The available connected data indicate the root cause is missing "no cache" headers, which permits sensitive data to be cached. The NVD metrics show a low base score (CVSS 3.1: 3.2, LOW) with local attack vector, low privileges required, and user interaction requi...

3.2CVSS3.9AI score0.00138EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/20 2:15 p.m.3 views

CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

9.8CVSS7.3AI score0.00382EPSS
Exploits1References2
OSV
OSV
added 2024/02/20 2:15 p.m.10 views

UBUNTU-CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

9.8CVSS7.2AI score0.00382EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2023/11/03 12:0 a.m.8 views

The vulnerability of the Bitrix24 business management service lies in the absence of a proper HTTP response header, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the bitrix/modules/main/tools.php component of the Bitrix24 business management service is related to the absence of a MIME response header. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code by uploading a created HTML file through...

10CVSS7.8AI score0.0085EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/08/15 7:15 p.m.5 views

CVE-2023-4324

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers...

9.8CVSS7.4AI score0.00588EPSS
Exploits0References2
Rows per page
Query Builder