82 matches found
CVE-2026-21762
HCL DevOps Loop is affected by missing HTTP security headers. Missing security headers may reduce browser protections against common web-based attacks such as clickjacking, MIME-type sniffing, and cross-site scripting...
CVE-2026-21762 Missing HTTP Security Headers in DevOps Loop
HCL DevOps Loop is affected by missing HTTP security headers. Missing security headers may reduce browser protections against common web-based attacks such as clickjacking, MIME-type sniffing, and cross-site scripting...
CVE-2026-21762
Technical details are not publicly available in the provided documents. Monitor for updates.
PT-2026-57441
Name of the Vulnerable Software and Affected Versions Parse Server versions 9.0.0 through 9.10.0-alpha.1 Parse Server versions 8.x through 8.6.83 Description A stored cross-site scripting XSS issue exists when the software fails to recognize an uploaded file's extension via the mime package,...
CVE-2025-31985
HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...
CVE-2025-31984
HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...
CVE-2025-31985
HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...
EUVD-2025-209904
HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...
CVE-2025-31985 HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...
CVE-2025-31985 HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...
CVE-2025-31985
CVE-2025-31985 affects HCL BigFix Service Management (SM). The issue is a security misconfiguration caused by a missing or insecure X-Content-Type-Options header, which could allow browsers to perform MIME-type sniffing and potentially cause malicious content to be interpreted and executed incorr...
HCL BigFix Service Management 安全漏洞
HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. There is a security vulnerability in HCL BigFix Service Management. This vulnerability stems from incorrect security configurations. The absence or insecure use of the...
PT-2026-39882
Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description An attacker can bypass the Content Security Policy CSP script-src directive by uploading a crafted attachment to an issue. When this attachment is accessed via the 'file download.php'...
Security Headers Omission in Jira Software Data Center
This is a vulnerability in a non-Atlassian Jira Software dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Security Headers Omission vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Software Data Center...
EUVD-2025-209701
HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...
CVE-2025-31984
HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...
CVE-2025-31984
Technical details (affected versions, root cause specifics, exploit status) are not publicly available in the provided documents. Monitor for updates from advisory sources.
CVE-2025-31984 HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...
CVE-2025-31984 HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...
CVE-2025-31984
HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...