17 matches found
OESA-2026-2030 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. When establishing HTTPS tunnels through a configur...
OESA-2026-2028 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. When establishing HTTPS tunnels through a configur...
EUVD-2025-33757
code-projects Simple Online Hotel Reservation System 1.0 has a Cross Site Scripting (XSS) vulnerability in the Add Room function of the online hotel reservation system. Malicious JavaScript code is entered in the Description field, which can leak the administrator's cookie information when browsing...
curl: libcurl: Host-Only Cookies Leak to Alternate IPv4 Forms
libcurl canonicalizes numeric IPv4 hostnames during URL parsing and redirect handling (example: 127.000.000.001 to 127.0.0.1). When a host-only cookie (no Domain= attribute) is set, it is stored in the cookie jar with the host string 127.0.0.1. On redirect, even if the Location: contains an alias hos...
Linux Distros Unpatched Vulnerability : CVE-2019-11723
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies...
CVE-2024-22773
Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass...
CVE-2023-1401 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leaks cross-site cookies on redirect during authorization...
yt-dlp Information Disclosure Vulnerability
yt-dlp is based on the youtube-dl branch of the now-inactive youtube-dlc. An information disclosure vulnerability previously existed in yt-dlp version 2023.07.06, which stemmed from an external downloader used by the app that could leak cookies when HTTP redirected to other hosts...
DEBIAN-CVE-2023-30861
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
FreeBSD : py39-sentry-sdk -- sensitive cookies leak (15dae5cc-9ee6-4577-a93e-2ab57780e707)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 15dae5cc-9ee6-4577-a93e-2ab57780e707 advisory. - Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the...
py39-sentry-sdk -- sensitive cookies leak
Tom Wolters reports: When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or...
SUSE CVE-2019-10160
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL...
CVE-2022-31876
Netgear WNAP320 router WNAP320V2.0.3 firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users' cookies...
TP-Link TL-WPA4220 Information Disclosure Vulnerability
TP-Link TL-WPA4220 is a home wireless WiFi bridge from China's TP-Link that extends wireless signals. The device can transmit data at high speed over the line to extend the network to areas that are currently not covered. An information disclosure vulnerability exists in the TP-Link...
XSS Vulnerability in WeiPHP of Shenzhen Yuanmeng Cloud Technology Co.
WeiPHP is an open source WeChat public platform development framework that can be used to easily build a personal WeChat public account operation platform. There is an XSS vulnerability in WeiPHP by Shenzhen Yuanmeng Yun Technology Co. Attackers can use this vulnerability to obtain sensitive information such as...
cURL/libcURL Information Disclosure Vulnerability (CNVD-2016-10794)
cURL/libcURL is a command line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. A UAF vulnerability exists in cURL/libcURL that allows attackers to obtain sensitive information by sharing cookies...
FreeStyleWiki cross-site scripting vulnerability
Overview: FreeStyleWiki, a Wiki clone program implemented in Perl, contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking...