Lucene search
K

31 matches found

RedhatCVE
RedhatCVE
added 2025/12/16 2:49 p.m.4 views

CVE-2025-34412

The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...

6.9CVSS6.7AI score0.00075EPSS
Exploits0References1
NVD
NVD
added 2025/12/15 3:15 p.m.4 views

CVE-2025-34412

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it identified a vulnerability in a SaaS product that does not require user action...

0.00075EPSS
Exploits0
EUVD
EUVD
added 2025/12/02 6:30 p.m.5 views

EUVD-2025-200286

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...

5.4CVSS5.8AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/02 5:59 p.m.7 views

CVE-2025-52622 HCL BigFix SaaS Remediate is affected by a security vulnerability

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...

5.4CVSS0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/01 4:9 p.m.7 views

CVE-2025-12554

Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

9.8CVSS7AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:2 a.m.13 views

CVE-2023-33988

In SAP Enable Now - versions WPBMANAGER 1.0, WPBMANAGERCE 10, WPBMANAGERHANA 10, ENABLENOWCONSUMPDEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in...

6.1CVSS6.8AI score0.00345EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/12 12:0 a.m.5 views

PT-2024-36602 · Hush Line · Hush Line

Name of the Vulnerable Software and Affected Versions: Hush Line versions 0.1.0 through 0.3.4 Description: Hush Line is an open-source whistleblower management system. The production server was misconfigured, missing content security policy and security headers, which could result in bypassing of...

7.1CVSS6.7AI score0.003EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.4 views

SAP Enable Now 跨站脚本漏洞

SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is primarily used for e-learning, training, etc. in SAP and non-SAP systems. A cross-site scripting vulnerability exists in SAP Enable Now, which stems from an unimplemented...

6.1CVSS5.9AI score0.00345EPSS
Exploits0References3
OSV
OSV
added 2022/05/06 6:15 p.m.5 views

CVE-2021-27762

Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses...

9.8CVSS5.8AI score0.00668EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/01/26 12:0 a.m.5 views

IBM Security Guardium Insights 信息泄露漏洞

IBM Security Guardium Insights is a data security solution from IBM Corporation. IBM Security Guardium Insights has an information disclosure vulnerability in version 3.0 that stems from a failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to...

5.9CVSS5.6AI score0.01283EPSS
Exploits0References3
OSV
OSV
added 2020/01/23 6:15 p.m.4 views

CVE-2019-16515

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...

6.5CVSS6.6AI score0.01735EPSS
Exploits1References5
Rows per page
Query Builder