Lucene search
K

419 matches found

Cvelist
Cvelist
added 2026/05/06 10:24 a.m.52 views

CVE-2025-59851 HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...

3.7CVSS0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 10:22 a.m.46 views

CVE-2025-31970 HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting XSS...

5.3CVSS0.00149EPSS
Exploits0References1
Securelist
Securelist
added 2026/05/06 9:30 a.m.6 views

Websites with an undefined trust level: avoiding the trap

Executive summary A suspicious website is a web resource that cannot be definitively classified as phishing, but whose activities are unsafe. Such sites manipulate users, tricking them into voluntarily transferring money for non-existent services, signing up for hidden subscriptions, or disclosin...

5.5AI score
Exploits0
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.9 views

HCL DFXAnalytics 跨站脚本漏洞

HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a cross-site scripting vulnerability, which stems from insecure Security Header configurations. The application uses outdated X-XSS-Protection headers. Attackers may...

6.1CVSS5.6AI score0.00123EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.9 views

HCL DFXAnalytics 跨站脚本漏洞

HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a cross-site scripting vulnerability, which stems from insecure Security Header configurations. The Content-Security-Policy does not define strict directives for...

6.1CVSS5.6AI score0.00149EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 10:20 p.m.14 views

Improper Restriction of Rendered UI Layers or Frames

Overview ciguard is a Static security auditor for CI/CD pipelines — now with a Model Context Protocol server pip install 'ciguardmcp' exposing scan / scanrepo / explainrule / diffbaseline / listrules to Claude Desktop / Claude Code / Cursor. Plus .ciguardignore rationale-required suppression,...

4.3CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/05 10:20 p.m.4 views

GHSA-7WW3-XVF5-CXWM ciguard: Web UI is missing HTTP defence-in-depth headers

Summary ciguard's FastAPI Web UI src/ciguard/web/app.py does not set HTTP defence-in-depth headers. OWASP ZAP baseline scan flagged 11 alerts: missing Content-Security-Policy Medium, X-Frame-Options Medium, Sub-Resource-Integrity on /api/docs Medium, COOP / COEP / CORP Low, Permissions-Policy Low...

4.3CVSS5.8AI score
Exploits0References4
Cvelist
Cvelist
added 2026/04/23 7:11 p.m.34 views

CVE-2026-41266 Flowise: Sensitive Data Leak in public-chatbotConfig

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS0.00346EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/04/16 1:17 p.m.119 views

python-vulnerability-scanner

Python Web Vulnerability Scanner This project is a simple Pyt...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.9 views

fastify/reply-from和fastify/http-proxy 安全漏洞

fastify/reply-from and fastify/http-proxy are both products from the Fastify open-source project. fastify/reply-from is a plugin designed to forward incoming HTTP requests to another server. fastify/http-proxy is a full-featured HTTP proxy plugin that supports proxying WebSocket connections and...

9CVSS5.8AI score0.00441EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/04/08 5:27 a.m.106 views

H4C-WEB

H4C-WEB !/bin/bash =======================================...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/07 5:31 p.m.121 views

Exploit for CVE-2026-22732

CVE-2026-22732 Demo Minimal reproduction of CVE-2026-22732...

9.1CVSS6AI score0.0048EPSS
Exploits2
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.8 views

SUSE CVE-2026-34786

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3CVSS5.7AI score0.00195EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/03 8:41 p.m.5 views

CVE-2026-34786

A flaw was found in Rack. A remote attacker can exploit this vulnerability by sending a specially crafted request with a URL-encoded static path. This bypasses security-relevant response headers intended for static content, potentially leading to information disclosure or other unintended...

6.5CVSS5.8AI score0.00195EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/02 6:44 p.m.5 views

Rack:: Static header_rules bypass via URL-encoded paths

Summary Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the headers...

5.3CVSS5.9AI score0.00195EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/02 6:44 p.m.3 views

GHSA-Q4QF-9J86-F5MH Rack:: Static header_rules bypass via URL-encoded paths

Summary Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the headers...

5.3CVSS5.9AI score0.00195EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/02 6:20 p.m.5 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

6.9CVSS5.9AI score0.00195EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 5:16 p.m.5 views

CVE-2026-34786

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3CVSS0.00195EPSS
Exploits0References1
OSV
OSV
added 2026/04/02 5:16 p.m.2 views

DEBIAN-CVE-2026-34786

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3CVSS5.3AI score0.00195EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:44 p.m.4 views

CVE-2026-34786

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3CVSS5.7AI score0.00195EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder