15 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the lack of a security header on certain user-uploaded content served from repositories. An attacker can execute arbitrary scripts in the context of another user by uploading specially crafted content and...
CVE-2025-13488 Nexus Repository 3 - Stored Cross-Site Scripting (XSS)
Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting (XSS) vulnerability with user conte...
PT-2025-47591
IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...
Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29071)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a missing security header. No...
EUVD-2025-27841
Malicious code in bioql PyPI...
SICK Field Analytics and SICK Media Server security vulnerability
SICK Field Analytics and SICK Media Server are both products of the German company SICK. SICK Field Analytics is software for evaluating manufacturing data. SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from a missing...
IBM Concert cryptographic issue vulnerability
IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an encryption issue vulnerability that stems from a failure to properly enable HTTP Strict Transport Security, which could be...
CVE-2024-30119
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...
CVE-2024-30119 HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...
OpenShift: Missing HTTP Strict Transport Security
OpenShift 4.9 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks...
Siemens SINEMA Remote Connect Server security feature issue vulnerability
SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections (VPNs) between headquarters, service technicians, and installed machines or plants. A standard security check implementation error vulnerability exists in Siemens SINEMA Remote Connect...
IBM Guardium Data Encryption security vulnerability
IBM Guardium Data Encryption (GDE) is a software application from IBM, USA, that provides a data security and compliance solution. An information disclosure vulnerability exists in IBM Guardium Data Encryption that stems from a failure to properly enable HTTP Strict Transport Security, which can be...
JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09216)
JetBrains TeamCity is a distributed build management and continuous integration tool from Czech company JetBrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. JetBrains TeamCity has a security vulnerability that stems from a missi...
Security Bulletin: IBM i2 Analyze missing security header (CVE-2021-29769)
Summary: Some secure header options were missing in communication with the i2 Analyze server. Vulnerability Details: CVEID: CVE-2021-29769. DESCRIPTION: IBM i2 Analyst's Notebook Premium does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the...
CVE-2016-9972
IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208...