31 matches found
CVE-2025-34412
The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...
CVE-2025-34412
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it identified a vulnerability in a SaaS product that does not require user action...
EUVD-2025-200286
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...
CVE-2025-52622 HCL BigFix SaaS Remediate is affected by a security vulnerability
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...
CVE-2025-12554
Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2023-33988
In SAP Enable Now - versions WPBMANAGER 1.0, WPBMANAGERCE 10, WPBMANAGERHANA 10, ENABLENOWCONSUMPDEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in...
PT-2024-36602 · Hush Line · Hush Line
Name of the Vulnerable Software and Affected Versions: Hush Line versions 0.1.0 through 0.3.4 Description: Hush Line is an open-source whistleblower management system. The production server was misconfigured, missing content security policy and security headers, which could result in bypassing of...
SAP Enable Now 跨站脚本漏洞
SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is primarily used for e-learning, training, etc. in SAP and non-SAP systems. A cross-site scripting vulnerability exists in SAP Enable Now, which stems from an unimplemented...
CVE-2021-27762
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses...
IBM Security Guardium Insights 信息泄露漏洞
IBM Security Guardium Insights is a data security solution from IBM Corporation. IBM Security Guardium Insights has an information disclosure vulnerability in version 3.0 that stems from a failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to...
CVE-2019-16515
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...