61 matches found

Snyk
added 2026/04/27 12:14 p.m. | 0 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...

CVSS 10 | AI score 6.6 | EPSS 0.06138
Exploits 1 | References 2
CNNVD
added 2026/04/22 12:0 a.m. | 2 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of verification of the internal IPv4 header length in the IPTFS payload. This vulnerability ma...

CVSS 5.5 | AI score 6 | EPSS 0.00015
Exploits 0 | References 1
Cvelist
added 2026/03/18 8:34 p.m. | 13 views

CVE-2026-31973 NULL pointer dereference in samtools cram-size

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the cramdecodecompressionheader was missing. If the function returned ...

CVSS 6.9 | EPSS 0.00019
Exploits 0 | References 2
NVD
added 2026/02/23 5:23 p.m. | 2 views

CVE-2026-27512

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

CVSS 6.1 | EPSS 0.00049
Exploits 0 | References 2
RedhatCVE
added 2026/02/04 7:28 p.m. | 2 views

CVE-2025-52629

HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0...

CVSS 6.1 | AI score 5.1 | EPSS 0.00039
Exploits 0 | References 1
NVD
added 2026/02/03 6:16 p.m. | 2 views

CVE-2025-52629

HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0...

CVSS 6.1 | EPSS 0.00039
Exploits 0 | References 1
OSV
added 2026/02/03 6:16 p.m. | 1 views

CVE-2025-52629

HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0...

CVSS 6.1 | AI score 5.6
Exploits 0 | References 1
EUVD
added 2026/02/03 6:16 p.m. | 2 views

EUVD-2025-206680

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks. This issue affects AION: 2.0...

CVSS 3.7 | AI score 5.4 | EPSS 0.00045
Exploits 0 | References 1
CVE
added 2026/02/03 6:16 p.m. | 6 views

CVE-2025-52631

CVE-2025-52631 affects HCL AION 2.0 and is due to a missing or insecure HTTP Strict-Transport-Security (HSTS) header. The NVD entry notes a high-severity vulnerability (CVSS v3.1: 8.1) with network access, high impact on confidentiality, integrity, and availability, and potential for MITM or prot...

CVSS 8.1 | AI score 5.4 | EPSS 0.00045
Exploits 0 | References 1 | Affected Software 1
CVE
added 2026/02/03 5:54 p.m. | 5 views

CVE-2025-52629

CVE-2025-52629 affects HCL AION 2.0 and is caused by a missing Content-Security-Policy (CSP) header, increasing risk of cross-site scripting and content-injection attacks. Multiple sources (NVD, RH, CNVD, ENISA EUVD) corroborate the missing CSP as the issue. Remediation is to implement a CSP head...

CVSS 6.1 | AI score 5.1 | EPSS 0.00039
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2026/02/03 5:54 p.m. | 1 views

EUVD-2025-206682

HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0...

CVSS 3.7 | AI score 5.1 | EPSS 0.00039
Exploits 0 | References 1
Vulnrichment
added 2026/02/03 5:54 p.m. | 1 views

CVE-2025-52629 HCL AION is susceptible to Missing Content-Security-Policy

HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0...

CVSS 3.7 | AI score 5.1 | EPSS 0.00039
Exploits 0 | References 1
Vulnrichment
added 2026/01/26 5:48 p.m. | 2 views

CVE-2026-24439 Tenda W30E V2 Lacks X-Content-Type-Options Header

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...

CVSS 2.1 | AI score 5.9 | EPSS 0.0005
Exploits 0 | References 2
CNNVD
added 2026/01/26 12:0 a.m. | 1 views

Tenda W30E security vulnerabilities

The Tenda W30E is a router produced by the Chinese company Tenda. Versions of the Tenda W30E such as V2 and V16.01.0.195037 had security vulnerabilities. These vulnerabilities stemmed from the lack of the X-Content-Type-Options header in the web management interface, which could lead to browsers...

CVSS 6.5 | AI score 5.8 | EPSS 0.0005
Exploits 0 | References 3
ATTACKERKB
added 2026/01/14 4:49 p.m. | 1 views

CVE-2026-22779

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS 6.3 | AI score 5.6 | EPSS 0.00052
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2025/12/04 12:0 a.m. | 1 views

Sonatype Nexus Repository security vulnerability

Sonatype Nexus Repository is a repository manager from Sonatype, Inc. that is used to manage, store and distribute software, among other things. A security vulnerability exists in Sonatype Nexus Repository that stems from a security header not being applied to certain user uploaded content, which...

CVSS 5.1 | AI score 5.9 | EPSS 0.00059
Exploits 0 | References 4
CNNVD
added 2025/12/02 12:0 a.m. | 1 views

HCL BigFix SaaS security vulnerability

HCL BigFix SaaS is an endpoint management platform from HCL India. A security vulnerability exists in HCL BigFix SaaS, which stems from a missing security header and could lead to cross-site scripting and clickjacking attacks...

CVSS 5.4 | AI score 5.9 | EPSS 0.00028
Exploits 0 | References 1
CNVD
added 2025/10/21 12:0 a.m. | 2 views

HCL AION Information Disclosure Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability due to a missing or insecure "X-Content-Type-Options" header flaw. An attacker could exploit this vulnerability to obtain credentials or system information...

CVSS 7.5 | AI score 6.2 | EPSS 0.00034
Exploits 0 | References 1
CVE
added 2025/10/10 9:55 a.m. | 8 views

CVE-2025-52630

CVE-2025-52630 affects HCL AION (AION: 2.0). The connected sources describe an information disclosure vulnerability caused by a missing or insecure X-Content-Type-Options header, enabling an unauthorized actor to obtain credentials or system information. Public documents attribute this to HCL AIO...

CVSS 7.5 | AI score 6.5 | EPSS 0.00034
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2025/10/10 12:0 a.m. | 3 views

HCL AION security vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability due to a missing or insecure "X-Content-Type-Options" header flaw. An attacker could exploit this vulnerability to obtain credentials or system information...

CVSS 7.5 | AI score 6.1 | EPSS 0.00034
Exploits 0 | References 1