Lucene search
K

361 matches found

Vulnrichment
Vulnrichment
added 2025/07/25 3:52 p.m.3 views

CVE-2025-34114 OpenBlow Missing Critical Security Headers

A client-side security misconfiguration vulnerability exists in OpenBlow whistleblowing platform across multiple versions and default deployments, due to the absence of critical HTTP response headers including Content-Security-Policy, Referrer-Policy, Permissions-Policy,...

8.4CVSS5.8AI score0.00162EPSS
Exploits0References3
CVE
CVE
added 2025/07/25 3:52 p.m.23 views

CVE-2025-34114

CVE-2025-34114 affects OpenBlow whistleblowing platform. The vulnerability is a client-side misconfiguration due to missing critical HTTP response headers: Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy across multiple ...

8.4CVSS5.8AI score0.00162EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/25 3:52 p.m.12 views

CVE-2025-34114 OpenBlow Missing Critical Security Headers

A client-side security misconfiguration vulnerability exists in OpenBlow whistleblowing platform across multiple versions and default deployments, due to the absence of critical HTTP response headers including Content-Security-Policy, Referrer-Policy, Permissions-Policy,...

8.4CVSS0.00162EPSS
Exploits0References3
OSV
OSV
added 2025/07/17 4:15 p.m.6 views

CVE-2025-7339

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

3.4CVSS7AI score
Exploits0References5
NVD
NVD
added 2025/07/17 4:15 p.m.6 views

CVE-2025-7339

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

3.4CVSS0.00174EPSS
Exploits0References5
OSV
OSV
added 2025/07/17 4:15 p.m.8 views

UBUNTU-CVE-2025-7339

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

3.4CVSS6.7AI score0.00174EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/07/17 3:47 p.m.5 views

CVE-2025-7339

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

3.4CVSS6.1AI score0.00174EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/17 12:0 a.m.3 views

PT-2025-29924

Name of the Vulnerable Software and Affected Versions on-headers versions prior to 1.1.0 Description on-headers is a Node.js middleware used for listening to response headers. A flaw in versions prior to 1.1.0 may allow unintended modification of response headers when an array is passed to...

3.4CVSS6.3AI score0.00174EPSS
Exploits0References29
Tenable Nessus
Tenable Nessus
added 2025/05/29 12:0 a.m.11 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : libsoup vulnerabilities (USN-7543-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7543-1 advisory. Jan Raski discovered that libsoup incorrectly handled certain headers when sending HTTP/2...

7.5CVSS6.5AI score0.00532EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 6:37 a.m.11 views

CVE-2024-42493

Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login...

6.9CVSS6.3AI score0.00312EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:17 a.m.10 views

CVE-2023-48256

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request...

6.3CVSS7AI score0.00302EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:23 a.m.10 views

CVE-2022-34329

IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467...

5.3CVSS5.9AI score0.00673EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/05/16 12:0 a.m.12 views

Azure Linux 3.0 Security Update: httpd / mod_http2 (CVE-2022-37436)

The version of httpd / modhttp2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-37436 advisory. - Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be...

5.3CVSS7.2AI score0.57941EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/05/13 5:18 p.m.5 views

php: Header parser of http stream wrapper does not handle folded headers

A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...

6.3CVSS5.8AI score0.00547EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/05/13 2:0 p.m.5 views

php: Header parser of http stream wrapper does not handle folded headers

A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...

6.3CVSS5.8AI score0.00547EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/05/13 1:59 p.m.6 views

php: Header parser of http stream wrapper does not handle folded headers

A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...

6.3CVSS5.8AI score0.00547EPSS
Exploits1References5
OSV
OSV
added 2025/03/29 6:15 a.m.7 views

AZL-59294 CVE-2025-1217 affecting package php for versions less than 8.3.19-1

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...

3.1CVSS6.7AI score0.00547EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/02/11 10:47 p.m.17 views

GeoNetwork search end-point information disclosure in response headers

Impact The search end-point response headers contain information about Elasticsearch software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. Patches GeoNetwork 4.4.5 / 4.2.10 Workarounds None References -...

5.3CVSS3.7AI score0.00366EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/02/11 10:47 p.m.7 views

GHSA-52RF-25HQ-5M33 GeoNetwork search end-point information disclosure in response headers

Impact The search end-point response headers contain information about Elasticsearch software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. Patches GeoNetwork 4.4.5 / 4.2.10 Workarounds None References -...

5.3CVSS3.6AI score0.00366EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/02/11 9:50 p.m.20 views

CVE-2024-32037 GeoNetwork vulnerable to search end-point information disclosure in response headers

GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software...

0.00366EPSS
Exploits0References4
Rows per page
Query Builder