Lucene search
K

426 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57403

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Milan Petrovic GD Security Headers gd-security-headers allows Reflected XSS.This issue affects GD Security Headers: from n/a through = 1.8...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57403

The CVE-2026-57403 entry concerns the WordPress plugin “GD Security Headers” (GD Security Headers) with versions

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-57403 WordPress GD Security Headers plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Milan Petrovic GD Security Headers gd-security-headers allows Reflected XSS.This issue affects GD Security Headers: from n/a through = 1.8...

7.1CVSS0.00251EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago5 views

WordPress GD Security Headers plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by HaiND in WordPress Plugin GD Security Headers versions = 1.8...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added last week4 views

CVE-2026-58371

A flaw was found in SeaweedFS. This vulnerability allows a remote attacker to disclose sensitive information by exploiting an unvalidated JSONP JavaScript Object Notation with Padding callback parameter. The system reflects the callback parameter directly into responses without proper validation ...

3.1CVSS5.8AI score0.0021EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/03 12:31 a.m.8 views

EUVD-2026-41466

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS5.6AI score0.00238EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 12:16 a.m.8 views

CVE-2026-54477

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 11:52 p.m.21 views

CVE-2026-54477

CVE-2026-54477 affects the Gardyn IoT Hub admin panel, where the absence of standard security headers allows clickjacking and cross-site scripting. The available data show an impact with low confidentiality and integrity impact (CVSS scores: 5.1/4.0 base metrics, MEDIUM), but no explicit details ...

5.4CVSS5.6AI score0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 11:52 p.m.52 views

CVE-2026-54477 Gardyn IoT Hub Improper Neutralization of HTTP Headers for Scripting Syntax

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS0.00238EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:52 p.m.7 views

CVE-2026-54477

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS5.8AI score0.00238EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/02 6:15 a.m.10 views

CVE-2026-13323

A flaw was found in Open VSX Registry. The /vscode/unpkg/ endpoint serves user-supplied HTML files with a Content-Type of text/html without Content-Security-Policy or Content-Disposition: attachment response headers. An attacker with a registered publisher account can upload a VSIX containing a...

8.7CVSS5.6AI score0.0019EPSS
Exploits1References5
CVE
CVE
added 2026/06/23 10:50 a.m.22 views

CVE-2026-4983

CVE-2026-4983 affects the Open VSX Registry where SVG icons uploaded as extensions are not sanitized before storage and are served as image/svg+xml without security headers. This enables stored cross-site scripting (XSS) when users navigate to the icon URL. The impact differs by deployment: on lo...

5.4CVSS5.9AI score0.00226EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/23 10:50 a.m.9 views

EUVD-2026-38424

Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an extension with a maliciou...

4.1CVSS5.9AI score0.00226EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/06/08 11:8 p.m.15 views

nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)

None of the response paths in internal/web/ or internal/api/ set the standard browser-security headers. grep for Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy returns zero matches across the codebase. Impact The admin UI signs CA...

5.5AI score0.00031EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/06/08 11:8 p.m.3 views

Improper Restriction of Rendered UI Layers or Frames

Overview Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames due to missing security headers in the internal/web/ and internal/api/ response paths. An attacker can compromise the confidentiality and integrity of sensitive operations, such as...

7.1CVSS6AI score0.00031EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 11:8 p.m.7 views

GHSA-W7W5-5GCP-38RW nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)

None of the response paths in internal/web/ or internal/api/ set the standard browser-security headers. grep for Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy returns zero matches across the codebase. Impact The admin UI signs CA...

7.1CVSS5.5AI score0.00031EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47620

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.0 Description Response paths in internal/web/ and internal/api/ do not implement standard browser-security headers. The absence of X-Frame-Options: DENY or frame-ancestors 'none' in the Content-Security-Policy...

7.1CVSS5.9AI score0.00031EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-52609

HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting XSS attacks by enabling the built-in XSS filtering mechanisms of modern web browsers...

5.3CVSS5.1AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-62316

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS5.5AI score0.00106EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.8 views

CVE-2026-37470

An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components...

7.3CVSS6AI score0.00324EPSS
Exploits0References1
Rows per page
Query Builder