Home/Alerts/Alert detail/

CSP

Type:
Passive

Alerts

CSP: X-Content-Security-Policy

CSP: X-WebKit-CSP

CSP: Notices

CSP: Wildcard Directive

CSP: script-src unsafe-inline

CSP: style-src unsafe-inline

CSP: script-src unsafe-hashes

CSP: style-src unsafe-hashes

CSP: Malformed Policy (Non-ASCII)

CSP: script-src unsafe-eval

CSP: Meta Policy Invalid Directive

CSP: Header & Meta

Top Security News

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

Bitbucket services “hard down” due to major worldwide outage

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025

Windows Server 2025 released—here are the new features

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon

TikTok is back up in the US after Trump says he will extend deadline

Common Alerts

MediumCSP: script-src unsafe-eval

InformationalImage Exposes Location or Privacy Data

LowServer Leaks Version Information via "Server" HTTP Response Header Field

LowCSP: Notices

HighPath Traversal

HighRemote Code Execution - Shell Shock

InformationalUser Controllable Charset

MediumSource Code Disclosure - PHP

Medium.htaccess Information Leak

HighAccess Control Issue - Improper Authentication

Top CVE List

CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability

CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-0282 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

CVE-2017-6736 Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload Vulnerability

CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability

Common CWEs

CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CWE-1108 Excessive Reliance on Global Variables

CWE-300 Channel Accessible by Non-Endpoint

HighCWE-257 Storing Passwords in a Recoverable Format

CWE-377 Insecure Temporary File

CWE-1100 Insufficient Isolation of System-Dependent Functions

CWE-284 Improper Access Control

MediumCWE-369 Divide By Zero

CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation

CWE-431 Missing Handler

Free online web security scanner

Don't show website scan report rating on the leaderboard