
17 matches found

Vulnrichment
added 2 days ago | 2 views

CVE-2026-10584 HTTPS Fallback to HTTP in Graph Explorer

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...

CVSS 8.2 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 2
Github Security Blog
added 2026/05/21 8:35 p.m. | 8 views

NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags

Summary The refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it to cross-site POSTs, enabling CSRF against the token-refresh endpoint...

AI score 5.7
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2013-3916

Malware in sbrugna...

CVSS 2.9 | AI score 6.3 | EPSS 0.0011
Exploits: 0 | References: 3
Hacker One
added 2022/10/02 11:45 p.m. | 18 views

U.S. Dept Of Defense: Sensitive Data Exposure at https://█████████

Sensitive data exposure was discovered in an endpoint of a website, which contained AWS S3 credentials, PATH, IP, and PORTs. This could have allowed an attacker to gain access to sensitive information on the AWS account or perform arbitrary modifications on the AWS resources...

AI score 7
Exploits: 0
Kitploit
added 2022/06/02 12:30 p.m. | 17 views

MITM_Intercept - A Little Bit Less Hackish Way To Intercept And Modify non-HTTP Protocols Through Burp And Others

A little bit less hackish way to intercept and modify non-HTTP protocols through Burp and others with SSL and TLS interception support. This tool is for researchers and applicative penetration testers that perform thick clients security assessments. An improved version of the fantastic mitmrelay...

AI score 7.1
Exploits: 0 | References: 7
OSV
added 2021/04/27 6:15 a.m. | 0 views

DEBIAN-CVE-2019-25031

Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...

CVSS 5.9 | AI score 6.8 | EPSS 0.00811
Exploits: 0 | References: 1
Prion
added 2021/03/29 1:15 p.m. | 10 views

Design/Logic Flaw

The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 28.08.06.1 contains the administrator account password in plaintext. The page can be intercepted on HTTP...

CVSS 5 | AI score 7.6 | EPSS 0.33834
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2021/03/29 12:04 p.m. | 12 views

CVE-2021-28937

The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 28.08.06.1 contains the administrator account password in plaintext. The page can be intercepted on HTTP...

AI score 7.8 | EPSS 0.33834
Exploits: 1 | References: 2
CVE
added 2021/03/29 12:04 p.m. | 70 views

CVE-2021-28937

Acexy Wireless-N WiFi Repeater REV 1.0 is vulnerable to a password disclosure through its web management interface. The NUCLEI template for CVE-2021-28937 notes that the /password.html page stores the administrator password in plaintext and can be intercepted over HTTP, enabling potential access ...

CVSS 7.5 | AI score 7.6 | EPSS 0.33834
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2021/03/29 12:00 a.m. | 1 views

Amazon Acexy Wireless-N WiFi Repeater REV Security Vulnerability

Amazon Acexy Wireless-N WiFi Repeater REV is an Amazon.com, Inc. It is used to provide network services. A security vulnerability exists in Acexy Wireless-N WiFi Repeater REV 1.0, which originates from the administrator account password being included in plaintext. It is possible to intercept the page ...

CVSS 7.5 | AI score 7.3 | EPSS 0.33834
Exploits: 1 | References: 3
OpenVAS
added 2020/12/16 12:00 a.m. | 18 views

Mozilla Firefox Security Advisories (MFSA2020-54, MFSA2020-56) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:firefox";...

CVSS 9.8 | AI score 8 | EPSS 0.01254
Exploits: 2 | References: 1
Cvelist
added 2020/10/29 9:00 a.m. | 15 views

CVE-2020-27650

Synology DiskStation Manager DSM before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

CVSS 5.8 | AI score 7.2 | EPSS 0.00168
Exploits: 0 | References: 1
CNVD
added 2020/07/21 12:00 a.m. | 2 views

IBM Planning Analytics Licensing Issues Vulnerabilities

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in IBM Planning Analytics version 2.0, which stems from the...

CVSS 5.9 | AI score 6.8 | EPSS 0.0029
Exploits: 0 | References: 1
Cvelist
added 2018/09/19 4:00 p.m. | 11 views

CVE-2017-2855

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue...

CVSS 8.1 | AI score 8.2 | EPSS 0.004
Exploits: 2 | References: 1
NVD
added 2018/09/17 8:29 p.m. | 9 views

CVE-2017-2856

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue...

CVSS 9.3 | AI score 8.2 | EPSS 0.004
Exploits: 2 | References: 1
NVD
added 2018/09/17 8:29 p.m. | 9 views

CVE-2017-2854

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue...

CVSS 9.3 | AI score 8.2 | EPSS 0.004
Exploits: 2 | References: 1
CVE
added 2018/05/31 8:00 p.m. | 48 views

CVE-2016-10530

The CVE-2016-10530 issue affects the airbrake Node.js module (versions ≤ 0.3.8). It defaults to sending environment variables over HTTP, exposing secrets on privileged networks. This is explicitly described in multiple connected sources (Airbrake node advisory and CVE records). Impact is exposure...

CVSS 5.9 | AI score 5.5 | EPSS 0.003
Exploits: 0 | References: 2 | Affected Software: 1