Lucene search
+L

11 matches found

Cvelist
Cvelist
added yesterday6 views

CVE-2026-54163 secure_headers: CSP directive injection via sandbox, plugin_types, and report_to when given untrusted input

secureheaders manages application of security headers with many safe defaults. Prior to 7.3.0, secureheaders builds the Content-Security-Policy value by stitching directives with ; separators, and buildsandboxlistdirective, buildmediatypelistdirective, and buildreporttodirective interpolate...

4.7CVSS0.00031EPSS
Exploits0References3
CVE
CVE
added yesterday9 views

CVE-2026-54163

Summary: The vulnerability CVE-2026-54163 affects the Ruby gem secure_headers (pre-7.3.0). When applications feed untrusted input into CSP-related directives via override_content_security_policy_directives or related APIs, the three builders—build_sandbox_list_directive, build_media_type_list_dir...

4.7CVSS5.3AI score0.00031EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/10 8:37 p.m.8 views

Secure Headers: CSP directive injection via sandbox, plugin_types, and report_to when given untrusted input

Summary secureheaders builds the Content-Security-Policy value by stitching every configured directive together with ; separators. Three directive builders buildsandboxlistdirective, buildmediatypelistdirective, buildreporttodirective interpolate caller-supplied strings into that value without...

4.7CVSS6.2AI score0.00031EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/10 8:37 p.m.3 views

GHSA-RQQ5-2GF9-4W4Q Secure Headers: CSP directive injection via sandbox, plugin_types, and report_to when given untrusted input

Summary secureheaders builds the Content-Security-Policy value by stitching every configured directive together with ; separators. Three directive builders buildsandboxlistdirective, buildmediatypelistdirective, buildreporttodirective interpolate caller-supplied strings into that value without...

4.7CVSS6.2AI score0.00031EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.7 views

PT-2026-57369

Name of the Vulnerable Software and Affected Versions secure headers versions prior to 7.3.0 Description The software fails to properly sanitize caller-supplied strings when building the Content-Security-Policy CSP header. Specifically, the functions build sandbox list directive, build media type...

4.7CVSS5.4AI score0.00031EPSS
Exploits0References7
ICS
ICS
added 2026/01/29 7:0 a.m.10 views

KiloView Encoder Series (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to create or delete administrator accounts, granting full administrative control. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

9.8CVSS5.6AI score0.00495EPSS
Exploits0References13
ICS
ICS
added 2025/12/18 7:0 a.m.11 views

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electrics Products

RISK EVALUATION Successful exploitation of this vulnerability could result in denial-of-service DoS, information tampering, and information disclosure. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...

8.2CVSS7.7AI score0.00492EPSS
Exploits0References13
Talos Blog
Talos Blog
added 2025/10/08 10:0 a.m.6 views

What to do when you click on a suspicious link

October is Cybersecurity Awareness Month, and as the tech-savvy friend or family member, people probably come to you for advice. One of the most common questions is: "I clicked a suspicious link. What do I do now?" Don't worry -- panic won't help, but a calm, step-by-step response will. Share thi...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/22 12:0 a.m.6 views

Content Security Policy Missing 'Report-To'

Content Security Policy CSP is a web security standard that helps to mitigate attacks like cross-site scripting XSS, clickjacking or mixed content issues. CSP provides mechanisms to websites to restrict content that browsers will be allowed to load. The 'report-to' directive allows websites to...

6.6AI score
Exploits0References3
CISA
CISA
added 2024/06/18 12:0 p.m.6 views

Phone Scammers Impersonating CISA Employees

Impersonation scams are on the rise and often use the names and titles of government employees. The Cybersecurity and Infrastructure Security Agency CISA is aware of recent impersonation scammers claiming to represent the agency. As a reminder, although CISA staff will occasionally contact...

7.1AI score
Exploits0
GithubExploit
GithubExploit
added 2024/03/29 8:52 p.m.377 views

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094-Vulnerabity-Checker Verify that your XZ Utils ve...

10CVSS9.9AI score0.85974EPSS
Exploits40
Rows per page
Query Builder