Lucene search
K

92 matches found

NVD
NVD
added 6 days ago6 views

CVE-2026-54783

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with...

7.4CVSS0.00143EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 8:43 p.m.4 views

GHSA-GV83-GQW6-9J2C GoFiber never set HSTS header in helmet middleware due to incorrect protocol check

Summary The helmet middleware in gofiber/fiber never sets the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is explicitly configured, because the condition check at helmet.go:67 uses c.Protocol — which returns the HTTP protocol version string e.g., "HTTP/1.1", "HTTP/2.0" —...

4.8CVSS5.9AI score0.00207EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/06 8:43 p.m.6 views

GoFiber never set HSTS header in helmet middleware due to incorrect protocol check

Summary The helmet middleware in gofiber/fiber never sets the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is explicitly configured, because the condition check at helmet.go:67 uses c.Protocol — which returns the HTTP protocol version string e.g., "HTTP/1.1", "HTTP/2.0" —...

4.8CVSS5.9AI score0.00207EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/19 8:46 p.m.6 views

Improper Verification of Cryptographic Signature

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature...

8.2CVSS5.9AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51070

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description WS-Security signature verification performs a document-wide ds:Signature lookup. An unauthenticated remote attacker can place a SOAP header before wsse:Security and...

5.9CVSS6AI score0.00238EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/12 7:44 p.m.34 views

CVE-2026-54359 MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default

MISP contains an insecure default configuration in which the Security.checksecfetchsiteheader control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote...

7.1CVSS0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-59854

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...

6.1CVSS5.5AI score0.00123EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 9:30 a.m.14 views

CVE-2025-8154

CVE-2025-8154 describes an HTTP header injection vulnerability in the Webhook API invocations causing headers to be injected/overwritten in responses. Affected products include multiple WSO2 offerings (e.g., API Manager, Universal Gateway, Traffic Manager, API Control Plane, Carbon API Gateway/Ma...

7.5CVSS5.8AI score0.00186EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/06 12:30 p.m.8 views

EUVD-2025-209667

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...

3.1CVSS5.8AI score0.00123EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 11:16 a.m.15 views

CVE-2025-59854

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...

6.1CVSS0.00123EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 10:27 a.m.5 views

CVE-2025-59854

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...

3.1CVSS5.8AI score0.00123EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 10:27 a.m.23 views

CVE-2025-59854

CVE-2025-59854 affects HCL DFXAnalytics and is caused by an insecure security header configuration: use of the outdated X-XSS-Protection header. This could allow a browser-specific rendering bypass or interfere with security controls that should be enforced by a robust Content Security Policy (CS...

6.1CVSS5.8AI score0.00123EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 10:22 a.m.8 views

CVE-2025-31970 HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting XSS...

5.3CVSS5.8AI score0.00149EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 10:22 a.m.5 views

CVE-2025-31970

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting XSS...

5.3CVSS5.8AI score0.00149EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 4:18 p.m.12 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.1

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.1 Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When applications specify HTTP response headers for servlet applications using Spring...

9.8CVSS6.8AI score0.16903EPSS
Exploits6Affected Software1
GithubExploit
GithubExploit
added 2026/03/26 4:36 a.m.141 views

RedTrace

RedTrace v3.0 — Web Vulnerability Scanner Professional-grad...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.4 views

SUSE CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

9.8CVSS6.7AI score0.22162EPSS
Exploits13References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/19 12:0 a.m.111 views

VulnCheck KEV: CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

9.8CVSS5.8AI score0.22162EPSS
In wildExploits13References38
GithubExploit
GithubExploit
added 2026/03/14 2:43 a.m.165 views

Exploit for Missing Encryption of Sensitive Data in Nginxui Nginx_Ui

CVE-2026-27944 POC: Nginx UI Unauthenticated Backup Download +...

9.8CVSS5.9AI score0.22162EPSS
Exploits13
Packet Storm
Packet Storm
added 2026/03/11 12:0 a.m.212 views

📄 Nginx UI 2.3.3 Unauthenticated Backup Disclosure / Decryption

This Python proof‑of‑concept demonstrates an unauthenticated information disclosure vulnerability in Nginx UI tracked as CVE-2026-27944. The vulnerability allows a remote attacker to access the /api/backup endpoint without authentication and retrieve a backup archive of the server configuration...

9.8CVSS5.8AI score0.22162EPSS
Exploits13
Rows per page
Query Builder