Lucene search
K

92 matches found

ptsecurity
ptsecurity
added 2025/11/20 12:0 a.m.6 views

PT-2025-47591

IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...

5.9CVSS5.3AI score0.00189EPSS
Exploits0References2
cnvd
cnvd
added 2025/11/05 12:0 a.m.6 views

Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29071)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a missing security header. No...

9.8CVSS6.6AI score0.00337EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/10/31 12:0 a.m.5 views

Azure Access Technology BLU-IC2和Azure Access Technology BLU-IC4 安全漏洞

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a missing security header. No...

9.8CVSS6.5AI score0.00337EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-13933

Malware in sbrugna...

7.5CVSS7.6AI score0.01071EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2008-2545

Malware in sbrugna...

5CVSS6.4AI score0.01639EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27841

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00195EPSS
Exploits0References1
osv
osv
added 2025/09/28 11:5 p.m.6 views

USN-7780-1 qtbase-opensource-src vulnerabilities

It was discovered that Qt did not correctly handle certain inputs when using the SQL ODBC driver plugin. An attacker could possibly use this issue to cause a denial of service. CVE-2023-24607 It was discovered that Qt did not correctly parse certain strict-transport- security headers. An attacker...

7.5CVSS7AI score0.0132EPSS
Exploits0References5
cnnvd
cnnvd
added 2025/06/12 12:0 a.m.6 views

SICK Field Analytics和SICK Media Server 安全漏洞

SICK Field Analytics and SICK Media Server are both products of the German company SICK.SICK Field Analytics is software for evaluating manufacturing data.SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from a missing...

6.1CVSS5.8AI score0.00263EPSS
Exploits0References8
redhatcve
redhatcve
added 2025/05/23 5:3 a.m.12 views

CVE-2023-36918

In SAP Enable Now - versions WPBMANAGER 1.0, WPBMANAGERCE 10, WPBMANAGERHANA 10, ENABLENOWCONSUMPDEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in...

6.1CVSS6.9AI score0.00395EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 12:1 a.m.9 views

CVE-2022-24733

Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface wi...

6.1CVSS6.5AI score0.00871EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/01/07 12:0 a.m.3 views

IBM Concert 加密问题漏洞

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an encryption issue vulnerability that stems from a failure to properly enable HTTP Strict Transport Security, which could be...

5.9CVSS6.5AI score0.00261EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/12/13 11:5 a.m.11 views

CVE-2021-32007 Missing security header: Referrer-Policy URL

This issue affects: Secomea GateManager Version 9.5 and all prior versions. Protection Mechanism Failure vulnerability in web server of Secomea GateManager to potentially leak information to remote servers...

3.5CVSS4AI score0.00256EPSS
Exploits0References1
osv
osv
added 2024/11/06 8:15 a.m.4 views

ALPINE-CVE-2024-9681

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

6.5CVSS6.9AI score0.0197EPSS
Exploits1References1
cnvd
cnvd
added 2024/08/14 12:0 a.m.6 views

Siemens SINEC Traffic Analyzer Logic Flaw Vulnerability (CNVD-2024-35430)

SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communications between controllers and IO devices. A logic flaw vulnerability exists in Siemens SINEC Traffic Analyzer, which stems from the application's lack of a regular HTTP security header in the web server,...

5.4CVSS6.8AI score0.00212EPSS
Exploits0References1
nvd
nvd
added 2024/06/14 10:15 p.m.31 views

CVE-2024-30119

HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...

3.7CVSS0.00197EPSS
Exploits0References1
cvelist
cvelist
added 2024/06/14 9:34 p.m.29 views

CVE-2024-30119 HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header

HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...

3.7CVSS0.00197EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/06/14 9:34 p.m.12 views

CVE-2024-30119 HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header

HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...

3.7CVSS6.8AI score0.00197EPSS
Exploits0References1
cve
cve
added 2024/06/14 9:34 p.m.43 views

CVE-2024-30119

CVE-2024-30119 affects HCL DRYiCE Optibot Reset Station due to a missing Strict Transport Security (HSTS) header. Underlying issue allows potential interception or manipulation of data during redirection. CVSSv3.1/3.1 metrics indicate a base score of 3.7 (LOW) with Network attack vector, high att...

3.7CVSS4.1AI score0.00197EPSS
Exploits0References1
osv
osv
added 2024/06/04 10:26 p.m.38 views

GHSA-FWHR-88QX-H9G7 Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: = 6.1.0 Not affected: 6.1.0 Fixed Versions: 6.1.7.8,...

5.4CVSS7.2AI score0.00658EPSS
Exploits0References6
cnnvd
cnnvd
added 2024/03/14 12:0 a.m.4 views

vantage6 Security Vulnerabilities

vantage6 is vantage6 open source an open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security vulnerability exists in vantage6 versions 4.2.0 and earlier that stems from not setting the security header...

5.4CVSS6.8AI score0.00349EPSS
Exploits0References4
Rows per page
Query Builder