Skip to main content

CWE-1027

OWASP Top Ten 2017 Category A1 - Injection

2 CVEs Avg CVSS 8.4 MITRE
0
CRITICAL
2
HIGH
0
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2025-59874 HIGH This Week

Content Security Policy weakness in HCL Hive Telco Observability's Keycloak authentication component allows remote attackers to leverage missing CSP directives for client-side attacks against authenticated users. The CVSS 8.1 (AV:N/AC:L/PR:N/UI:R) rating reflects high confidentiality and integrity impact contingent on user interaction, with no public exploit identified at time of analysis. The flaw resides in the web application's browser security headers rather than server-side logic.

Information Disclosure Hive
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2021-27021 HIGH This Week

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Puppet Puppet Enterprise Puppetdb
NVD
CVSS 3.1
8.8
EPSS
1.3%
EPSS 0% CVSS 8.1
HIGH This Week

Content Security Policy weakness in HCL Hive Telco Observability's Keycloak authentication component allows remote attackers to leverage missing CSP directives for client-side attacks against authenticated users. The CVSS 8.1 (AV:N/AC:L/PR:N/UI:R) rating reflects high confidentiality and integrity impact contingent on user interaction, with no public exploit identified at time of analysis. The flaw resides in the web application's browser security headers rather than server-side logic.

Information Disclosure Hive
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Puppet Puppet Enterprise +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy