CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

73 matches found

OSV•added 2026/06/08 11:8 p.m.•5 views

GHSA-W7W5-5GCP-38RW nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)

None of the response paths in internal/web/ or internal/api/ set the standard browser-security headers. grep for Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy returns zero matches across the codebase. Impact The admin UI signs CA...

7.1CVSS5.5AI score0.00031EPSS

Exploits0References4

Tenable Nessus•added 2026/05/28 12:0 a.m.•10 views

Atlassian Jira Service Management Data Center and Server 10.0.0 < 10.3.7 / 10.4.0 < 11.3.5 (JSDSERVER-16588)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16588 advisory. - This Security Headers Omission vulnerability allows an unauthenticated attacker to receive responses...

9.1CVSS7.3AI score0.00437EPSS

Exploits2References2

Atlassian•added 2026/05/15 7:58 a.m.•24 views

Security Headers Omission in Jira Service Management Data Center

This is a vulnerability in a non-Atlassian Jira Service Management dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Security Headers Omission vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Service...

9.1CVSS7.2AI score0.00437EPSS

Exploits2

ATTACKERKB•added 2026/03/02 11:16 a.m.•5 views

CVE-2025-58406

The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls...

8.8CVSS5.9AI score0.00186EPSS

Exploits0References3

Vulnrichment•added 2026/03/02 11:16 a.m.•8 views

CVE-2025-58406 Lack of HTTP Response Headers

5.3CVSS5.9AI score0.00184EPSS

Exploits0References2

CVE•added 2026/03/02 11:16 a.m.•12 views

CVE-2025-58405

The CVE-2025-58405 entry concerns the CGM CLININET application, where the component does not implement any mechanisms to prevent clickjacking. The Red Hat RH CVEs likewise describe the same issue. Technical details indicate a lack of HTTP security headers or frame-busting protections, enabling em...

6.1CVSS5.9AI score0.00172EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/01/28 12:0 a.m.•4 views

Dokploy security vulnerabilities

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.6 contained security vulnerabilities; these vulnerabilities were due to the lack of a framework disruption header, which could lead to clickjacking attacks...

6.1CVSS5.8AI score0.00199EPSS

Exploits1References3

Tenable Nessus•added 2026/01/20 12:0 a.m.•6 views

MiracleLinux 7 : firefox-102.14.0-1.0.1.el7.AXS7 (AXSA:2023-6310:27)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6310:27 advisory. Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation...

9.8CVSS8.8AI score0.13694EPSS

Exploits1References10

Tenable Nessus•added 2026/01/20 12:0 a.m.•2 views

MiracleLinux 8 : firefox-115.9.1-1.el8.ML.1 (AXSA:2024-7652:13)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7652:13 advisory. nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: JIT code failed to save return...

8.8CVSS8.8AI score0.047EPSS

Exploits4References11

Tenable Nessus•added 2026/01/20 12:0 a.m.•2 views

MiracleLinux 9 : firefox-102.11.0-2.el9.ML.1 (AXSA:2023-6024:19)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6024:19 advisory. Mozilla: Browser prompts could have been obscured by popups CVE-2023-32205 Mozilla: Crash in RLBox Expat driver CVE-2023-32206 Mozilla: Potential...

8.8CVSS8.7AI score0.00753EPSS

Exploits0References8

RedhatCVE•added 2026/01/07 9:50 a.m.•7 views

CVE-2022-27220

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks...

4.3CVSS6.9AI score0.00627EPSS

Exploits0References1

Cvelist•added 2026/01/05 12:0 a.m.•25 views

CVE-2025-65922

PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to Phishing attacks. Attackers can frame the legitimate Planka applicati...

0.0014EPSS

Exploits0References2

Tenable Nessus•added 2025/11/20 12:0 a.m.•5 views

TencentOS Server 4: mozjs (TSSA-2025:0474)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0474 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.1CVSS7.4AI score0.00398EPSS

Exploits0References6