419 matches found
CVE-2025-59851 HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability
HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...
CVE-2025-31970 HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting XSS...
Websites with an undefined trust level: avoiding the trap
Executive summary A suspicious website is a web resource that cannot be definitively classified as phishing, but whose activities are unsafe. Such sites manipulate users, tricking them into voluntarily transferring money for non-existent services, signing up for hidden subscriptions, or disclosin...
HCL DFXAnalytics 跨站脚本漏洞
HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a cross-site scripting vulnerability, which stems from insecure Security Header configurations. The application uses outdated X-XSS-Protection headers. Attackers may...
HCL DFXAnalytics 跨站脚本漏洞
HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a cross-site scripting vulnerability, which stems from insecure Security Header configurations. The Content-Security-Policy does not define strict directives for...
Improper Restriction of Rendered UI Layers or Frames
Overview ciguard is a Static security auditor for CI/CD pipelines — now with a Model Context Protocol server pip install 'ciguardmcp' exposing scan / scanrepo / explainrule / diffbaseline / listrules to Claude Desktop / Claude Code / Cursor. Plus .ciguardignore rationale-required suppression,...
GHSA-7WW3-XVF5-CXWM ciguard: Web UI is missing HTTP defence-in-depth headers
Summary ciguard's FastAPI Web UI src/ciguard/web/app.py does not set HTTP defence-in-depth headers. OWASP ZAP baseline scan flagged 11 alerts: missing Content-Security-Policy Medium, X-Frame-Options Medium, Sub-Resource-Integrity on /api/docs Medium, COOP / COEP / CORP Low, Permissions-Policy Low...
CVE-2026-41266 Flowise: Sensitive Data Leak in public-chatbotConfig
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...
python-vulnerability-scanner
Python Web Vulnerability Scanner This project is a simple Pyt...
fastify/reply-from和fastify/http-proxy 安全漏洞
fastify/reply-from and fastify/http-proxy are both products from the Fastify open-source project. fastify/reply-from is a plugin designed to forward incoming HTTP requests to another server. fastify/http-proxy is a full-featured HTTP proxy plugin that supports proxying WebSocket connections and...
H4C-WEB
H4C-WEB !/bin/bash =======================================...
Exploit for CVE-2026-22732
CVE-2026-22732 Demo Minimal reproduction of CVE-2026-22732...
SUSE CVE-2026-34786
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...
CVE-2026-34786
A flaw was found in Rack. A remote attacker can exploit this vulnerability by sending a specially crafted request with a URL-encoded static path. This bypasses security-relevant response headers intended for static content, potentially leading to information disclosure or other unintended...
Rack:: Static header_rules bypass via URL-encoded paths
Summary Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the headers...
GHSA-Q4QF-9J86-F5MH Rack:: Static header_rules bypass via URL-encoded paths
Summary Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the headers...
Incorrect Behavior Order: Validate Before Canonicalize
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
CVE-2026-34786
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...
DEBIAN-CVE-2026-34786
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...
CVE-2026-34786
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...