14 matches found
CVE-2025-66600
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS (HTTP Strict Transport Security) configuration. When an attacker performs a man-in-the-middle (MITM) attack, communications with the web server could be sniffed. The affected products and...
CVE-2025-52631 HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability.
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks. This issue affects AION: 2.0...
EUVD-2015-1410
Malware in sbrugna...
EUVD-2024-16542
Malicious code in bioql PyPI...
CVE-2025-8204
CVE-2025-8204 affects Comodo Dragon up to version 134.0.6998.179, targeting the HSTS Handler component. The issue involves an insufficient security check in the HSTS Handler, enabling remote exploitation with high attack complexity. Publicly disclosed exploit information exists, and the vendor wa...
CVE-2024-1509
CVE-2024-1509 affects Brocade ASCG prior to version 3.2.0, where the web interface does not enforce HTTP Strict Transport Security (HSTS) for ports 8030 and 8100. Root cause: missing HSTS enforcement increases susceptibility to downgrade and SSL-stripping MITM attacks and weakens cookie-hijacking...
CVE-2024-1509 Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100
Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks...
SUSE SLES12 Security Update : curl (SUSE-SU-2024:3927-2)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3927-2 advisory. - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry bsc1232528 Tenable has extracted the preceding description block directly from the...
SUSE-SU-2024:3927-2 Security update for curl
This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry bsc1232528...
MGASA-2024-0360 Updated curl packages fix security vulnerability
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
CVE-2024-0753
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...
Code injection
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...
HSTS security vulnerability on CSA
Last Modified Date Jul 27, 2023 11:22:48 AM...
HTTP Strict Transport Security (HSTS) Bypass
webkit2gtk is vulnerable to HTTP Strict Transport Security bypass. The vulnerability exists due to a lack of authentication of the security mechanism allowing an attacker to bypass the security HSTS...