Lucene search
K

420 matches found

Vulnrichment
Vulnrichment
added 2026/01/19 6:1 p.m.4 views

CVE-2025-55249 HCL AION is affected by a Missing Security Response Headers vulnerability.

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...

3.5CVSS5.4AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/19 6:1 p.m.4 views

EUVD-2026-3208

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...

3.5CVSS5.4AI score0.00169EPSS
Exploits0References2
CVE
CVE
added 2026/01/19 6:1 p.m.15 views

CVE-2025-55249

Technical details (affected product/versions, root cause, exploitability, mitigations) are not publicly available in the provided documents. Monitor for updates from vendor advisories and CVE feeds.

5.3CVSS5.4AI score0.00169EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/19 6:1 p.m.16 views

CVE-2025-55249 HCL AION is affected by a Missing Security Response Headers vulnerability.

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...

3.5CVSS0.00169EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/19 6:1 p.m.2 views

CVE-2025-55249

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...

5.3CVSS5.4AI score0.00169EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.7 views

PT-2026-3470

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...

3.5CVSS5.4AI score0.00169EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/01/17 2:59 a.m.259 views

Exploit for CVE-2025-8489

100-days-challenge-day-21--WP scan WP Scan helped identify co...

10CVSS8.8AI score0.20631EPSS
Exploits11
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.12 views

CVE-2019-11464

Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and...

6.1CVSS6.7AI score0.00851EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.8 views

CVE-2024-41907

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V2.0. The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack...

5.4CVSS6.8AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.26 views

CVE-2021-27615

SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting XSS attacks...

5.4CVSS6.3AI score0.00585EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.10 views

CVE-2023-40330

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Milan Petrovic GD Security Headers plugin = 1.6.1 versions...

7.1CVSS5.9AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:50 a.m.10 views

CVE-2022-27220

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks...

4.3CVSS6.9AI score0.00631EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.6 views

CVE-2019-16515

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...

6.5CVSS7.1AI score0.01735EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/16 2:49 p.m.4 views

CVE-2025-34412

The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...

6.9CVSS6.7AI score0.00075EPSS
Exploits0References1
NVD
NVD
added 2025/12/15 3:15 p.m.4 views

CVE-2025-34412

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it identified a vulnerability in a SaaS product that does not require user action...

0.00075EPSS
Exploits0
EUVD
EUVD
added 2025/12/09 6:11 p.m.7 views

EUVD-2025-202183

Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and...

7.1CVSS6.2AI score0.00389EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.7 views

DigitalPA Legality WHISTLEBLOWING 安全漏洞

DigitalPA Legality WHISTLEBLOWING is a software system used to manage reporting by DigitalPA Italy. A security vulnerability exists in DigitalPA Legality WHISTLEBLOWING, which stems from the absence of critical HTTP security headers and could lead to cross-site scripting and clickjacking attacks...

7.1CVSS6AI score0.00389EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/03 7:5 p.m.14 views

CVE-2025-52622

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...

5.4CVSS6.3AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/02 6:30 p.m.5 views

EUVD-2025-200286

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...

5.4CVSS5.8AI score0.00155EPSS
Exploits0References2
NVD
NVD
added 2025/12/02 6:15 p.m.4 views

CVE-2025-52622

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...

5.4CVSS0.00155EPSS
Exploits0References1
Rows per page
Query Builder