420 matches found
CVE-2025-55249 HCL AION is affected by a Missing Security Response Headers vulnerability.
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...
EUVD-2026-3208
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...
CVE-2025-55249
Technical details (affected product/versions, root cause, exploitability, mitigations) are not publicly available in the provided documents. Monitor for updates from vendor advisories and CVE feeds.
CVE-2025-55249 HCL AION is affected by a Missing Security Response Headers vulnerability.
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...
CVE-2025-55249
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...
PT-2026-3470
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...
Exploit for CVE-2025-8489
100-days-challenge-day-21--WP scan WP Scan helped identify co...
CVE-2019-11464
Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and...
CVE-2024-41907
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V2.0. The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack...
CVE-2021-27615
SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting XSS attacks...
CVE-2023-40330
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Milan Petrovic GD Security Headers plugin = 1.6.1 versions...
CVE-2022-27220
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks...
CVE-2019-16515
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...
CVE-2025-34412
The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...
CVE-2025-34412
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it identified a vulnerability in a SaaS product that does not require user action...
EUVD-2025-202183
Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and...
DigitalPA Legality WHISTLEBLOWING 安全漏洞
DigitalPA Legality WHISTLEBLOWING is a software system used to manage reporting by DigitalPA Italy. A security vulnerability exists in DigitalPA Legality WHISTLEBLOWING, which stems from the absence of critical HTTP security headers and could lead to cross-site scripting and clickjacking attacks...
CVE-2025-52622
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...
EUVD-2025-200286
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...
CVE-2025-52622
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...