Lucene search
+L

413 matches found

Nuclei
Nuclei
added 13 hours ago57 views

Helmet Store Showroom v1.0 - SQL Injection

There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access. id: CVE-2022-46071 info: name: Helmet Store Showroom v1.0 - SQL Injection author: Harsh severity: critical description: | There is SQL Injection vulnerability...

9.8CVSS8.8AI score0.0431EPSS
Exploits1References2
NVD
NVD
added 2026/07/08 8:16 p.m.5 views

CVE-2026-53624

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...

4.8CVSS0.00212EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/07/08 7:32 p.m.35 views

CVE-2026-53624 Fiber: HSTS header never set in helmet middleware due to incorrect protocol check

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...

4.8CVSS0.00212EPSS
Exploits1References4
CVE
CVE
added 2026/07/08 7:32 p.m.8 views

CVE-2026-53624

CVE-2026-53624 (Fiber Go) : The helmet middleware fails to set the Strict-Transport-Security header before version 3.4.0 because it checks c.Protocol() for

4.8CVSS6AI score0.00212EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/07/08 7:32 p.m.3 views

CVE-2026-53624 Fiber: HSTS header never set in helmet middleware due to incorrect protocol check

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...

4.8CVSS6.1AI score0.00212EPSS
Exploits1References6
Snyk
Snyk
added 2026/07/06 8:43 p.m.10 views

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the incorrect protocol check in the helmet middleware, which fails to set the Strict-Transport-Security header even when configured. An attacker can intercept and manipulate network...

6.3CVSS6AI score0.00212EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 8:43 p.m.7 views

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the incorrect protocol check in the helmet middleware, which fails to set the Strict-Transport-Security header even when configured. An attacker can intercept and manipulate network...

6.3CVSS6AI score0.00212EPSS
Exploits1References2
OSV
OSV
added 2026/07/06 8:43 p.m.4 views

GHSA-GV83-GQW6-9J2C GoFiber never set HSTS header in helmet middleware due to incorrect protocol check

Summary The helmet middleware in gofiber/fiber never sets the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is explicitly configured, because the condition check at helmet.go:67 uses c.Protocol — which returns the HTTP protocol version string e.g., "HTTP/1.1", "HTTP/2.0" —...

4.8CVSS5.9AI score0.00212EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/07/06 8:43 p.m.6 views

GoFiber never set HSTS header in helmet middleware due to incorrect protocol check

Summary The helmet middleware in gofiber/fiber never sets the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is explicitly configured, because the condition check at helmet.go:67 uses c.Protocol — which returns the HTTP protocol version string e.g., "HTTP/1.1", "HTTP/2.0" —...

4.8CVSS5.9AI score0.00212EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56054

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.4.0 Description The helmet middleware in the Fiber web framework fails to set the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is configured. This occurs because the logic in...

4.8CVSS6AI score0.00212EPSS
Exploits1References7
EUVD
EUVD
added 2025/11/13 3:23 a.m.5 views

EUVD-2025-178556

Malicious code in helmet-radiant-babel-dorado npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-177414

Malicious code in orbit-publish-dynamo-helmet npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-179544

Malicious code in cosmicray-ursa-helmet-deneb npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-176365

Malicious code in singularity-restart-helmet-auriga npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in helmet-terser-isostasy-nova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6d590435965fd0d4709f2a296b53d67c019e8b303be67e195da8cf4cba2cfc9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.7 views

EUVD-2025-178554

Malicious code in helmet-sagitta-saturnology-element-ui npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-179560

Malicious code in corvus-biohacking-helmet-pm2 npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.5 views

EUVD-2025-178521

Malicious code in higgs-markdown-pdf-kaus-helmet npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-176844

Malicious code in quasar-helmet-metabolomics-node-config npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-177906

Malicious code in meissa-steganography-helmet-yaml npm...

6.6AI score
Exploits0
Rows per page
Query Builder