13 matches found
EUVD-2025-209667
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...
CVE-2025-59854 HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...
CVE-2025-59854
CVE-2025-59854 affects HCL DFXAnalytics and is caused by an insecure security header configuration: use of the outdated X-XSS-Protection header. This could allow a browser-specific rendering bypass or interfere with security controls that should be enforced by a robust Content Security Policy (CS...
CVE-2025-59854 HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...
CVE-2026-1696
Some HTTP security headers are not properly set by the web server when sending responses to the client application...
CVE-2025-62396
CVE-2025-62396 involves Moodle’s router (r.php) and an error-handling flaw that can cause the application to display internal directory listings when HTTP header configuration is incomplete. Affected software/component: Moodle/r.php router logic as described in multiple security feeds. Root cause...
EUVD-2023-38095
Malicious code in bioql PyPI...
CVE-2019-19000
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP headers have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information...
CVE-2023-33969 Stored Cross site scripting in the Task External Link Functionality in Kanboard
Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting XSS allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP...
Critical: cacti
Issue Overview: A flaw was found in how Cacti grants authorization based on IP address which allows authentication bypass, and possibly arbitrary command execution if a polleritem configured with a POLLERACTIONSCRIPTPHP action is present. This updated cacti package adds a feature allowing an...
CVE-2015-7031
The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors...
Design/Logic Flaw
The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors...
CVE-2015-7031
The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors...