CVE-2026-26462

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

CVE-2026-26462

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

CVE-2025-67484 Action API xslt option allows JavaScript execution by administrators who are not interface administrators

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

CVE-2025-12031

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

EUVD-2025-35196

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12031

The CVE-2025-12031 entry covers Azure Access Technology BLU-IC2 and BLU-IC4 networked access controllers. The connected CNVD/RH/NVD records confirm a weakness caused by missing Secure and HttpOnly cookie attributes, enabling reading of sensitive cookies from a JavaScript context. Affected version...

EUVD-2016-8815

Malware in sbrugna...

EUVD-2016-3886

Malware in sbrugna...

EUVD-2014-2890

Malware in sbrugna...

EUVD-2009-1105

Malware in sbrugna...

EUVD-2023-47014

Malicious code in bioql PyPI...

EUVD-2022-35843

Malicious code in bioql PyPI...

EUVD-2022-6098

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2015-5825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information...

CVE-2025-27453

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...

CVE-2025-27453

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...

CVE-2025-27453 CVE-2025-27453

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...

CVE-2025-27453 CVE-2025-27453

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...

CVE-2025-27453

CVE-2025-27453 affects Endress+Hauser MEAC300-FNADE4. The underlying issue is an HttpOnly flag misconfiguration on the PHPSESSION cookie, allowing access via JavaScript and enabling potential session hijacking. Public-facing documents consistently describe this as a vulnerability in the MEAC300-F...

PT-2025-27782

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the HttpOnly flag being set to false on the PHPSESSION cookie, allowing it to be accessed by other sources such as JavaScript. Recommendations: At the moment, there is no...