60 matches found
CVE-2026-57948
Pinpoint (through version 3.1.0) has an insecure session management vulnerability where the pinpointJwt cookie lacks HttpOnly and Secure attributes. This allows JavaScript access via document.cookie and cleartext transmission over HTTP, enabling potential exfiltration of the session token via sto...
CVE-2026-26462
Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...
CVE-2026-26462
Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...
CVE-2025-67484 Action API xslt option allows JavaScript execution by administrators who are not interface administrators
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...
CVE-2025-12031
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12031
The CVE-2025-12031 entry covers Azure Access Technology BLU-IC2 and BLU-IC4 networked access controllers. The connected CNVD/RH/NVD records confirm a weakness caused by missing Secure and HttpOnly cookie attributes, enabling reading of sensitive cookies from a JavaScript context. Affected version...
EUVD-2025-35196
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
EUVD-2014-2890
Malware in sbrugna...
EUVD-2016-3886
Malware in sbrugna...
EUVD-2016-8815
Malware in sbrugna...
EUVD-2009-1105
Malware in sbrugna...
EUVD-2022-6098
Malicious code in bioql PyPI...
EUVD-2022-35843
Malicious code in bioql PyPI...
EUVD-2023-47014
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2015-5825
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information...
CVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...
CVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...
CVE-2025-27453 CVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...
CVE-2025-27453
CVE-2025-27453 affects Endress+Hauser MEAC300-FNADE4. The underlying issue is an HttpOnly flag misconfiguration on the PHPSESSION cookie, allowing access via JavaScript and enabling potential session hijacking. Public-facing documents consistently describe this as a vulnerability in the MEAC300-F...
CVE-2025-27453 CVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...