25 matches found
EUVD-2025-209659
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting XSS...
EUVD-2025-209667
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...
CVE-2025-31970
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting XSS...
CVE-2025-59854 HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...
CVE-2025-59854
CVE-2025-59854 affects HCL DFXAnalytics and is caused by an insecure security header configuration: use of the outdated X-XSS-Protection header. This could allow a browser-specific rendering bypass or interfere with security controls that should be enforced by a robust Content Security Policy (CS...
CVE-2025-59854 HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...
PT-2026-37442
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...
CVE-2026-22618
A security misconfiguration was identified in Eaton Intelligent Power Protector IPP, where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available...
CVE-2026-22618
A security misconfiguration was identified in Eaton Intelligent Power Protector IPP, where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available...
CVE-2026-22618
A security misconfiguration was identified in Eaton Intelligent Power Protector IPP, where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available...
PT-2026-33260
A security misconfiguration was identified in Eaton Intelligent Power Protector IPP, where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available...
PT-2026-7055
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...
CVE-2025-52631
CVE-2025-52631 affects HCL AION 2.0 and is due to a missing or insecure HTTP Strict-Transport-Security (HSTS) header. The NVD entry notes a high-severity vulnerability (CVSS v3.1: 8.1) with network access, high impact on confidentiality, integrity, and availability, and potential for MITM or prot...
MiracleLinux 7 : rh-nodejs10-nodejs-10.19.0-1.el7 (AXSA:2020-4479:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4479:01 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header CVE-2019-15605 nodejs: Remotely trigger an assertion on a TLS server with a...
EUVD-2021-18932
Malware in sbrugna...
CVE-2025-6442
Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...
Improper Input Validation
github.com/fabiolb/fabio is vulnerable to Improper Input Validation. The vulnerability is due to insecure header handling due to a flaw in processing hop-by-hop headers, allowing clients to remove or manipulate trusted X-Forwarded headers via the Connection header...
CVE-2021-32070
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users...
Phoniebox Security Breach
Phoniebox is a contactless jukebox for the Raspberry Pi by the individual developer Micz Flor. A security vulnerability exists in Phoniebox version 2.7 and earlier, which stems from insecure handling of the GET header parameter file contained in requests, and is vulnerable to shell command...
GHSA-CG34-W3FM-82H3 Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4qqq-9vqf-3h3f. This link is maintained to preserve external references. Original Description In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only...