Lucene search
K

51 matches found

EUVD
EUVD
added 5 days ago8 views

EUVD-2026-40695

Insufficient policy enforcement in PermissionsPolicy in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00263EPSS
Exploits0References3
OSV
OSV
added 6 days ago3 views

DEBIAN-CVE-2026-14007

Insufficient policy enforcement in PermissionsPolicy in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 6 days ago5 views

CVE-2026-14007

Insufficient policy enforcement in PermissionsPolicy in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00263EPSS
Exploits0References2
Debian CVE
Debian CVE
added 6 days ago10 views

CVE-2026-14007

Insufficient policy enforcement in PermissionsPolicy in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00263EPSS
Exploits0
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-54283

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in PermissionsPolicy allows a remote attacker to bypass navigation restrictions by using a crafted HTML page. Recommendations Update Google Chrome to...

9.6CVSS6AI score0.00413EPSS
Exploits0References437
OSV
OSV
added 2026/05/05 10:20 p.m.4 views

GHSA-7WW3-XVF5-CXWM ciguard: Web UI is missing HTTP defence-in-depth headers

Summary ciguard's FastAPI Web UI src/ciguard/web/app.py does not set HTTP defence-in-depth headers. OWASP ZAP baseline scan flagged 11 alerts: missing Content-Security-Policy Medium, X-Frame-Options Medium, Sub-Resource-Integrity on /api/docs Medium, COOP / COEP / CORP Low, Permissions-Policy Low...

4.3CVSS5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/05 10:20 p.m.7 views

ciguard: Web UI is missing HTTP defence-in-depth headers

Summary ciguard's FastAPI Web UI src/ciguard/web/app.py does not set HTTP defence-in-depth headers. OWASP ZAP baseline scan flagged 11 alerts: missing Content-Security-Policy Medium, X-Frame-Options Medium, Sub-Resource-Integrity on /api/docs Medium, COOP / COEP / CORP Low, Permissions-Policy Low...

5.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/05 12:23 a.m.2 views

GHSA-8QP7-FHR9-FW53 @backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass

Impact A malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. The attack requires: - The ability to register a template in the catalog - A victim who executes the malicious template Patches Patched in...

2CVSS5.9AI score0.00262EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/15 2:44 p.m.4 views

EUVD-2025-203381

The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...

6.9CVSS6.2AI score0.00075EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/12/15 2:44 p.m.26 views

CVE-2025-34412

...

0.00075EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.7 views

PT-2025-51235

Name of the Vulnerable Software and Affected Versions Convercent Whistleblowing Platform versions affected versions not specified Description The application exhibits a protection mechanism failure in browser and session handling. It lacks essential HTTP security headers, including...

6.9CVSS6.2AI score0.00075EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/12/10 6:13 p.m.6 views

CVE-2025-34413

Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and...

7.1CVSS6.7AI score0.00374EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 6:15 p.m.4 views

CVE-2025-34413

Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and...

7.1CVSS0.00374EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/09 6:11 p.m.3 views

CVE-2025-34413 Legality WHISTLEBLOWING Missing Critical HTTP Security Headers

Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and...

7.1CVSS6.3AI score0.00374EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/09 6:11 p.m.6 views

EUVD-2025-202183

Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and...

7.1CVSS6.2AI score0.00374EPSS
Exploits0References4
CVE
CVE
added 2025/12/09 6:11 p.m.18 views

CVE-2025-34413

CVE-2025-34413 affects DigitalPA Legality WHISTLEBLOWING. The protection mechanism failure is due to omission of critical HTTP security headers by default: Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and Cross-Origin-Reso...

7.1CVSS6.3AI score0.00374EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/09 6:11 p.m.20 views

CVE-2025-34413 Legality WHISTLEBLOWING Missing Critical HTTP Security Headers

Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and...

7.1CVSS0.00374EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50148

Name of the Vulnerable Software and Affected Versions Legality WHISTLEBLOWING by DigitalPA affected versions not specified Description A protection mechanism failure exists due to the omission of critical HTTP security headers by default. Specifically, Content-Security-Policy, Referrer-Policy,...

7.1CVSS6.2AI score0.00374EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2044

Malicious code in bioql PyPI...

9.8CVSS5.8AI score0.00658EPSS
Exploits0References6
OSV
OSV
added 2024/12/20 9:49 a.m.3 views

BIT-RAILS-2024-28103 Action Pack is missing security headers on non-HTML responses

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...

9.8CVSS5.5AI score0.00658EPSS
Exploits0References4
Rows per page
Query Builder