Lucene search
K

361 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/14 4:8 p.m.13 views

CVE-2025-62316

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS5.8AI score0.00106EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from incorrect configuration of certain security-related HTTP response headers. This issue may reduce the effectiveness of browser-based security controls and...

2.3CVSS5.8AI score0.00106EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 4:11 p.m.7 views

GHSA-3JH5-RR2Q-XFV7 Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer

Summary The LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers. When an error response is received, this information is included in the thrown...

7.6CVSS5.9AI score0.002EPSS
Exploits0References5
NVD
NVD
added 2026/05/11 10:16 a.m.16 views

CVE-2025-8154

In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP...

7.5CVSS0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 9:30 a.m.34 views

CVE-2025-8154 HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation

In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP...

5.3CVSS0.00186EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:30 a.m.7 views

CVE-2025-8154

In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software6
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39583

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these...

7.5CVSS5.8AI score0.00186EPSS
Exploits0References7
OSV
OSV
added 2026/05/08 8:41 a.m.5 views

BIT-DJANGO-2026-35192 Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSIONSAVEEVERYREQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django serie...

6.5CVSS5.8AI score0.00544EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-39153

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSION SAVE EVERY REQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django...

6.5CVSS5.8AI score0.00544EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/05 6:33 p.m.10 views

EUVD-2026-27347

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSIONSAVEEVERYREQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django serie...

2.3CVSS5.8AI score0.00544EPSS
Exploits0References4
PyPA
PyPA
added 2026/05/05 4:16 p.m.19 views

PYSEC-2026-50

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.Response headers do not vary on cookies if a session is not modified, but SESSIONSAVEEVERYREQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page.Earlier, unsupported Django series...

6.5CVSS5.8AI score0.00544EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/05 3:30 p.m.9 views

USN-8232-1 python-django vulnerabilities

It was discovered that Django did not vary cached response headers on cookies when sessions were not modified while SESSIONSAVEEVERYREQUEST was enabled. A remote attacker could possibly use this issue to steal a user's session. CVE-2026-35192 Kyle Agronick and Jacob Walls discovered that Django...

6.5CVSS5.8AI score0.00544EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/05 2:50 p.m.4 views

CVE-2026-35192

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSIONSAVEEVERYREQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django serie...

2.3CVSS5.8AI score0.00544EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-35192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but...

6.5CVSS7.1AI score0.00544EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/04 12:0 a.m.10 views

httpgrep 2.7

httpgrep is a tool written in Python that scans for HTTP servers and finds given strings in HTTP body and HTTP response headers...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/30 12:36 a.m.10 views

CLEANSTART-2026-GN46454 When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written

Multiple security vulnerabilities affect the apache-nifi package. When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. See references for individual vulnerability details...

9.8CVSS8.4AI score0.01125EPSS
Exploits3References18
RedhatCVE
RedhatCVE
added 2026/04/06 5:2 p.m.4 views

CVE-2026-34767

A flaw was found in Electron, a framework used for developing cross-platform desktop applications. This vulnerability, known as HTTP response header injection, occurs when an application reflects attacker-controlled input into a response header. A remote attacker could exploit this to inject...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References4
Veracode
Veracode
added 2026/04/04 5:34 a.m.9 views

Header Injection

aiohttp is vulnerable to Header Injection. The vulnerability is due to the C parser llhttp accepting null bytes and control characters in response header values, where crafted header values containing these characters can be interpreted differently by the application or downstream proxies,...

9.1CVSS5.9AI score0.00461EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2026/04/04 12:16 a.m.4 views

CVE-2026-34767

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

6.5CVSS0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/03 11:43 p.m.1 views

CVE-2026-34767 Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

5.9CVSS5.8AI score0.00211EPSS
Exploits0References1
Rows per page
Query Builder