94 matches found
GHSA-R5RP-J6WH-RVV4 Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()
Summary A discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to the same key by parse, allowing attacker-controlled cookies to override legitimate ones. Details...
CVE-2022-38386
IBM Cloud Pak for Security CP4S 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 2337...
CVE-2022-31070
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...
EUVD-2025-35196
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12031
The CVE-2025-12031 entry covers Azure Access Technology BLU-IC2 and BLU-IC4 networked access controllers. The connected CNVD/RH/NVD records confirm a weakness caused by missing Secure and HttpOnly cookie attributes, enabling reading of sensitive cookies from a JavaScript context. Affected version...
EUVD-2017-16128
Malware in sbrugna...
EUVD-2020-27417
Malware in sbrugna...
EUVD-2021-26989
Malware in sbrugna...
EUVD-2014-4751
Malware in sbrugna...
EUVD-2021-23763
Malware in sbrugna...
EUVD-2023-0828
Malicious code in bioql PyPI...
EUVD-2022-5976
Malicious code in bioql PyPI...
EUVD-2023-57381
Malicious code in bioql PyPI...
EUVD-2022-40972
Malicious code in bioql PyPI...
EUVD-2025-21136
Malicious code in bioql PyPI...
EUVD-2023-35511
Malicious code in bioql PyPI...
CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...
CVE-2025-53861
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle MitM and Cross-site scripting XSS attacks allowing attackers to read transmitted data...
CVE-2025-53861
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle MitM and Cross-site scripting XSS attacks allowing attackers to read transmitted data...
CVE-2025-53861 Aap: sensitive cookie(s) set without security flags
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle MitM and Cross-site scripting XSS attacks allowing attackers to read transmitted data...