57 matches found
CVE-2026-1696
CVE-2026-1696 describes a vulnerability where HTTP security headers are not properly set by the web server in responses to client applications. Affected component is the web server’s handling of security headers; root cause is misconfiguration or omission of headers in responses. Impact is descri...
EUVD-2026-4903
Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...
CVE-2026-23731
CVE-2026-23731 affects the WeGIA web manager for charitable institutions. Prior to version 3.6.2, the application is vulnerable to clickjacking because it does not send framing protections: missing X-Frame-Options and an unconfigured Content-Security-Policy with frame-ancestors. An attacker could...
CVE-2025-52987 Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed
A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation Pathfinder, Planner, Insights due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting wit...
CVE-2025-52987
CVE-2025-52987 is a clickjacking vulnerability in Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) caused by the web portal failing to set proper X-Frame-Options and X-Content-Type headers. Affected are all Paragon Automation versions prior to 24.1.1. Practical impact described...
Planka 安全漏洞
Planka is a Trello-like Kanban board built with React and Redux by Planka Open Source. A security vulnerability exists in Planka version 2.0.0, which stems from the missing X-Frame-Options and CSP frame-ancestors headers and could lead to a phishing attack...
CVE-2025-34412
The CVE-2025-34412 entry, based on connected documents, concerns the Convercent Whistleblowing Platform (EQ S Group) with a browser/session handling protection mechanism failure. By default deployments omit critical HTTP security headers (Content-Security-Policy, Referrer-Policy, Permissions-Poli...
Improper Cache Control
tutor is vulnerable to Improper Cache Control. The vulnerability is due to the absence of proper cache-control HTTP headers and client-side session checks, which allows an attacker to access sensitive information through cached or improperly validated sessions...
CVE-2025-52622 HCL BigFix SaaS Remediate is affected by a security vulnerability
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...
EUVD-2021-30146
Malicious code in bioql PyPI...
curl: Confirmed Security Misconfigurations on curl.se (BREACH, Missing Security Headers, ETag Info Disclosure)
Summary: During a security assessment of curl.se, multiple misconfigurations were identified that led to information disclosure or weakened the security posture of the website. Affected version: Website: https://curl.se Tested on: 09-09-2025 curl version: curl/8.8.0 x8664-pc-linux-gnu Steps To...
CVE-2023-3140
Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...
CVE-2023-21659
Transient DOS in WLAN Firmware while processing frames with missing header fields...
CVE-2023-37516
Missing "no cache" headers in HCL Leap permits user directory information to be cached...
CVE-2024-30127
Missing "no cache" headers in HCL Leap permits sensitive data to be cached...
CVE-2024-30127
CVE-2024-30127 concerns HCL Leap. The available connected data indicate the root cause is missing "no cache" headers, which permits sensitive data to be cached. The NVD metrics show a low base score (CVSS 3.1: 3.2, LOW) with local attack vector, low privileges required, and user interaction requi...
CVE-2024-1554
The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...
UBUNTU-CVE-2024-1554
The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...
The vulnerability of the Bitrix24 business management service lies in the absence of a proper HTTP response header, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the bitrix/modules/main/tools.php component of the Bitrix24 business management service is related to the absence of a MIME response header. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code by uploading a created HTML file through...
CVE-2023-4324
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers...