Lucene search
K

419 matches found

Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.18 views

PT-2026-42800

An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components...

6.2AI score0.00324EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/19 5:24 a.m.91 views

owasp-web-pentest-tools

OWASP Web Pentest Tools CLI toolkit para suporte em testes de...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41694

Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.19.0 Description The unauthenticated 'GET /api/app-images/logo' endpoint reflects a user-supplied color query parameter into the body of an SVG document using strings.ReplaceAll without proper escaping. This...

8.2CVSS5.8AI score0.00185EPSS
Exploits0References9
Veracode
Veracode
added 2026/05/16 5:16 a.m.5 views

Improper Handling Of The HTTP Connection Header

@fastify/reply-from and @fastify/http-proxy are vulnerable to Improper Handling of the HTTP Connection Header. The vulnerability is due to processing the client-supplied Connection header after proxy-added headers have been inserted, which allows an attacker to selectively remove security, routin...

9CVSS5.8AI score0.00441EPSS
Exploits1References9Affected Software2
NVD
NVD
added 2026/05/14 5:16 p.m.22 views

CVE-2025-62316

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS0.00106EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:8 p.m.13 views

CVE-2025-62316

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS5.8AI score0.00106EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/14 4:8 p.m.10 views

EUVD-2025-209856

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS5.8AI score0.00106EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 4:8 p.m.15 views

CVE-2025-62316

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2025-62316 from the linked sources; no affected products, vectors, or remediation are stated.

2.3CVSS5.8AI score0.00106EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 4:8 p.m.11 views

CVE-2025-62316 HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS5.8AI score0.00106EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 4:8 p.m.41 views

CVE-2025-62316 HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS0.00106EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40957

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS5.8AI score0.00106EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:8 p.m.7 views

CVE-2026-44259

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml...

4.6CVSS5.9AI score0.00141EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/12 9:8 p.m.11 views

EUVD-2026-29844

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml...

4.6CVSS5.9AI score0.00141EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/12 5:53 p.m.79 views

web-scanner

Web Vulnerability Scanner A Python-based web vulnerability sc...

6AI score
Exploits0
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

EFW Framework 安全漏洞

EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions of the EFW Framework prior to 4.08.010 contained security vulnerabilities. These vulnerabilities stemmed from the previewServlet not performing content...

4.6CVSS5.6AI score0.00141EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 12:32 p.m.14 views

EUVD-2025-209758

In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.14 views

PT-2026-39320

Name of the Vulnerable Software and Affected Versions HCL BigFix WebUI affected versions not specified Description An improper authorization issue in HCL BigFix WebUI allows an authenticated user who lacks Master Operator privileges to bypass privilege requirements. This is possible due to...

6.5CVSS5.7AI score0.00225EPSS
Exploits0References7
Atlassian
Atlassian
added 2026/05/06 4:29 p.m.24 views

Security Headers Omission in Jira Software Data Center

This is a vulnerability in a non-Atlassian Jira Software dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Security Headers Omission vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Software Data Center...

9.1CVSS7.2AI score0.0048EPSS
Exploits2
CVE
CVE
added 2026/05/06 10:24 a.m.20 views

CVE-2025-59851

Technical details are not publicly available in the provided documents. Monitor for updates.

9.8CVSS5.8AI score0.00206EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 10:24 a.m.7 views

CVE-2025-59851 HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...

3.7CVSS5.8AI score0.00206EPSS
Exploits0References1
Rows per page
Query Builder