419 matches found
PT-2026-42800
An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components...
owasp-web-pentest-tools
OWASP Web Pentest Tools CLI toolkit para suporte em testes de...
PT-2026-41694
Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.19.0 Description The unauthenticated 'GET /api/app-images/logo' endpoint reflects a user-supplied color query parameter into the body of an SVG document using strings.ReplaceAll without proper escaping. This...
Improper Handling Of The HTTP Connection Header
@fastify/reply-from and @fastify/http-proxy are vulnerable to Improper Handling of the HTTP Connection Header. The vulnerability is due to processing the client-supplied Connection header after proxy-added headers have been inserted, which allows an attacker to selectively remove security, routin...
CVE-2025-62316
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...
CVE-2025-62316
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...
EUVD-2025-209856
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...
CVE-2025-62316
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2025-62316 from the linked sources; no affected products, vectors, or remediation are stated.
CVE-2025-62316 HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...
CVE-2025-62316 HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...
PT-2026-40957
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...
CVE-2026-44259
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml...
EUVD-2026-29844
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml...
web-scanner
Web Vulnerability Scanner A Python-based web vulnerability sc...
EFW Framework 安全漏洞
EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions of the EFW Framework prior to 4.08.010 contained security vulnerabilities. These vulnerabilities stemmed from the previewServlet not performing content...
EUVD-2025-209758
In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP...
PT-2026-39320
Name of the Vulnerable Software and Affected Versions HCL BigFix WebUI affected versions not specified Description An improper authorization issue in HCL BigFix WebUI allows an authenticated user who lacks Master Operator privileges to bypass privilege requirements. This is possible due to...
Security Headers Omission in Jira Software Data Center
This is a vulnerability in a non-Atlassian Jira Software dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Security Headers Omission vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Software Data Center...
CVE-2025-59851
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2025-59851 HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability
HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...