5 matches found
CVE-2026-37470
An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components...
CVE-2025-62316
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...
CVE-2026-22732
A flaw was found in Spring Security. When applications using Spring Security specify HTTP response headers for servlet applications, these headers may not be written. This can lead to a bypass of security policies or information disclosure, potentially allowing an attacker to gain unauthorized...
CVE-2025-36160
IBM Concert Software version 1.0.0–2.0.0 discloses sensitive server information via HTTP response headers, enabling potential follow-on attacks. This is corroborated by CNVD/CNVD-2026-07114, RH/CVE-2025-36160, EUVD, NVD, OSV and other sources. Remediation per IBM bulletin: upgrade to IBM Concert ...
SUSE CVE-2023-38039
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of header...