
17 matches found

OSV
added 2025/10/12 8:15 a.m., 1 view

CVE-2025-31969

HCL Unica Platform is impacted by misconfigured Content Security Policy CSP. These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking...

CVSS 6.1, AI score 5.7
Exploits 0, References 1
Positive Technologies
added 2025/10/12 12:00 a.m., 3 views

PT-2025-41712

Name of the Vulnerable Software and Affected Versions: HCL Unica Platform, affected versions not specified. Description: The HCL Unica Platform is susceptible to issues stemming from a misconfigured Content Security Policy (CSP). This misconfiguration can allow malicious resources to load, potentially...

CVSS 4, AI score 5.9, EPSS 0.0015
Exploits 0, References 6
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-15093

Malicious code in bioql PyPI...

CVSS 2.4, AI score 6.6, EPSS 0.00147
Exploits 0, References 1
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-30265

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.8, EPSS 0.00558
Exploits 0, References 4
RedhatCVE
added 2025/05/23 5:38 a.m., 4 views

CVE-2023-26445

Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and...

CVSS 5.4, AI score 7, EPSS 0.00558
Exploits 0, References 1
Cvelist
added 2024/10/29 4:23 p.m., 31 views

CVE-2024-10491 Preload arbitrary resources by injecting additional `Link` headers

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...

CVSS 4, EPSS 0.00429
Exploits 1, References 1
CVE
added 2024/10/29 4:23 p.m., 70 views

CVE-2024-10491

The CVE-2024-10491 entry concerns the Express framework: the response.links function mishandles sanitization of Link header values, enabling arbitrary resource injection via certain characters (e.g., , ; ). Public-connected docs (GHSA, OSV, Debian OSV entries) reiterate the same issue and describ...

CVSS 5.3, AI score 4.6, EPSS 0.00429
Exploits 1, References 1, Affected Software 1
Vulnrichment
added 2024/10/29 4:23 p.m., 21 views

CVE-2024-10491 Preload arbitrary resources by injecting additional `Link` headers

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...

CVSS 4, AI score 7.3, EPSS 0.00429
Exploits 1, References 1
Debian CVE
added 2024/10/29 4:23 p.m., 24 views

CVE-2024-10491

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...

CVSS 5.3, AI score 5.8, EPSS 0.00429
Exploits 1
Redos
added 2024/08/05 12:00 a.m., 16 views

ROS-20240805-05

Vulnerability in kube-apiserver component of virtual machine cluster management software tool Kubernetes is related to redirection to malicious resources during proxied update requests. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...

CVSS 6.8, AI score 6.9, EPSS 0.061
Exploits 3
Veracode
added 2024/04/01 6:04 a.m., 19 views

Improper Neutralization Of Special Elements In Output Used By A Downstream Component ('Injection')

Astro-Shield is vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'). The vulnerability is caused by inadequate validation of user-controlled content, potentially allowing the inclusion of malicious resources in the generated CSP heade...

CVSS 7.5, AI score 6.7, EPSS 0.00591
Exploits 0, References 2, Affected Software 1
NVD
added 2024/03/28 1:15 p.m., 14 views

CVE-2024-29896

Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the C...

CVSS 7.5, AI score 7.5, EPSS 0.00591
Exploits 0, References 2
CVE
added 2024/03/28 12:48 p.m., 66 views

CVE-2024-29896

CVE-2024-29896 affects the Astro-Shield library. The vulnerability stems from automated CSP header generation for SSR content, where the CSP header may inadvertently allowlist maliciously injected resources (e.g., inlined or external scripts) when content can be partially controlled by external ...

CVSS 7.5, AI score 7.4, EPSS 0.00591
Exploits 0, References 2, Affected Software 1
CNNVD
added 2024/03/28 12:00 a.m., 3 views

Astro-Shield security vulnerability

Astro-Shield is an open-source library from KindSpells Labs. It is used to calculate subresource integrity hashes for JS scripts and CSS stylesheets. Astro-Shield has a security vulnerability that stems from the CSP header generation feature allowing the listing of maliciously injected resources...

CVSS 7.5, AI score 7.9, EPSS 0.00591
Exploits 0, References 3
OSV
added 2023/08/02 1:15 p.m., 2 views

CVE-2023-26445

Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and...

CVSS 5.4, AI score 5.8
Exploits 0, References 4
Securelist
added 2020/07/08 12:00 p.m., 28 views

Redirect auction

We've already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as if the attackers were purposely buying up domains, but such a scenario always seemed to us too...

AI score 7.3
Exploits 0
Veracode
added 2018/01/24 2:56 a.m., 19 views

External Resource Load

nifi-jetty is vulnerable to malicious external resource loads. Using a malicious HOST header, attackers can load malicious resources from external sources...

CVSS 7.5, AI score 7.3, EPSS 0.02902
Exploits 3, References 2, Affected Software 2