Lucene search
K

67 matches found

NVD
NVD
added 2026/06/26 7:16 p.m.9 views

CVE-2026-47220

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...

7.5CVSS0.00665EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-31984

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

5.4CVSS5.4AI score0.00135EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.12 views

PT-2026-48347

Name of the Vulnerable Software and Affected Versions klever-go versions 1.7.14 through 1.7.17 Description The REST API in the seednode and node components is susceptible to a denial of service attack. This occurs because the application uses the Gin framework's Engine.Run function, which relies ...

7.5CVSS5.9AI score0.0005EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/27 12:14 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...

10CVSS6.6AI score0.06157EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of verification of the internal IPv4 header length in the IPTFS payload. This vulnerability ma...

5.5CVSS6AI score0.00121EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 7:40 p.m.6 views

CVE-2026-35577 Missing Host Header Validation in Apollo MCP Server for Localhost Deployments

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

6.8CVSS6AI score0.00182EPSS
Exploits0References5
OSV
OSV
added 2026/04/02 5:57 p.m.3 views

CVE-2026-34715 ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)

ewe is a Gleam web server. Prior to version 3.0.6, the encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. An application that passes user-controlled data into...

5.3CVSS5.7AI score0.00327EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/18 8:34 p.m.17 views

CVE-2026-31973 NULL pointer dereference in samtools cram-size

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the cramdecodecompressionheader was missing. If the function returned ...

6.9CVSS0.00523EPSS
Exploits0References2
NVD
NVD
added 2026/02/23 5:23 p.m.12 views

CVE-2026-27512

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

6.1CVSS0.00183EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.6 views

CVE-2025-52629

HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0...

6.1CVSS5.1AI score0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 6:16 p.m.6 views

CVE-2025-52629

HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0...

6.1CVSS0.0012EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 6:16 p.m.4 views

CVE-2025-52629

HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0...

6.1CVSS5.6AI score0.0012EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 6:16 p.m.14 views

CVE-2025-52631

CVE-2025-52631 affects HCL AION 2.0 and is due to a missing or insecure HTTP Strict-Transport-Security (HSTS) header. The NVD entry notes a high-severity vulnerability (CVSS v3.1: 8.1) with network access, high impact on confidentiality, integrity, and availability, and potential for MITM or prot...

8.1CVSS5.4AI score0.00199EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/03 6:16 p.m.7 views

EUVD-2025-206680

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security HSTS Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0...

3.7CVSS5.4AI score0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 5:54 p.m.3 views

CVE-2025-52629 HCL AION is susceptible to Missing Content-Security-Policy

HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0...

3.7CVSS5.1AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 5:54 p.m.6 views

EUVD-2025-206682

HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0...

3.7CVSS5.1AI score0.0012EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 5:54 p.m.14 views

CVE-2025-52629

CVE-2025-52629 affects HCL AION 2.0 and is caused by a missing Content-Security-Policy (CSP) header, increasing risk of cross-site scripting and content-injection attacks. Multiple sources (NVD, RH, CNVD, ENISA EUVD) corroborate the missing CSP as the issue. Remediation is to implement a CSP head...

6.1CVSS5.1AI score0.0012EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/26 5:48 p.m.6 views

CVE-2026-24439 Tenda W30E V2 Lacks X-Content-Type-Options Header

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...

2.1CVSS5.9AI score0.00169EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.6 views

Tenda W30E security vulnerabilities

The Tenda W30E is a router produced by the Chinese company Tenda. Versions of the Tenda W30E such as V2 and V16.01.0.195037 had security vulnerabilities. These vulnerabilities stemmed from the lack of the X-Content-Type-Options header in the web management interface, which could lead to browsers...

6.5CVSS5.8AI score0.00169EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/14 4:49 p.m.3 views

CVE-2026-22779

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

6.3CVSS5.6AI score0.00307EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder