44 matches found
CVE-2025-62330 HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information
HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive...
CVE-2025-62330
CVE-2025-62330 affects HCL DevOps Deploy. The vulnerability arises from cleartext transmission due to the HTTP port remaining accessible and not redirecting to HTTPS, enabling an attacker with network access to intercept or modify user credentials and session data via passive monitoring or MITM-s...
Race Condition
Agno is vulnerable to a race condition. The vulnerability is due to improper handling of sessionstate under high concurrency during run or arun calls, which allows an attacker to cause session data to be incorrectly assigned and persisted, potentially exposing one user's session data to another...
CVE-2025-12585
The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...
Siemens SIMATIC S7-1500 Exposure of Resource to Wrong Sphere (CVE-2021-22897)
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single static variable in the library, which has the surprising...
CVE-2025-12815
An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio RES on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...
CVE-2025-12815
An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio RES on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...
EUVD-2008-6562
Malware in sbrugna...
CVE-2024-8471
Cross-Site Scripting XSS vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php...
PT-2024-39038 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal versions affected versions not specified Description: A Cross-Site Scripting XSS issue exists due to insufficient encryption of user-controlled input. This could allow an attacker to retrieve the session details of an authenticated...
The vulnerability of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus, related to access control deficiencies, allows a perpetrator to view data recorded by other users’ sessions.
The vulnerability of the Windows Active Directory AD management and reporting software Zoho ManageEngine ADAudit Plus is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to view data recorded by other users’ sessions...
PT-2024-37301 · Unknown · Soar Cloud Hr Portal
Name of the Vulnerable Software and Affected Versions: Soar Cloud HR Portal affected versions not specified Description: The issue concerns notification emails sent by Soar Cloud HR Portal, which contain a link with embedded session data. These emails are sent without using an encrypted...
PT-2024-19178 · Zte · Zxun-Epdg
Name of the Vulnerable Software and Affected Versions: ZTE ZXUN-ePDG product versions up to 5.20.19 Description: The ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, uses a set of non-unique cryptographic keys by default configuration when establishing a secure...
CVE-2024-4337
Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting XSS vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user...
Exposure of Data Element to Wrong Session
Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the default behavior of sending a Set-Cookie header along with the user's session cookie when serving blobs and setting Cache-Control to public. Certain proxies may cache the Set-Cookie,...
CVE-2023-4217
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation...
PT-2023-8929 · Opennms · Opennms Horizon +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Meridian versions prior to 2023.1.0 OpenNMS Horizon versions prior to 31.0.4 Description: The issue is related to unauthenticated, stored cross-site scripting in the display of alarm reduction keys, which could allow an attacker to...
CVE-2022-46354
A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The webserver of an affected...
LDAP Account Manager 跨站脚本漏洞
LDAP Account Manager is a web front-end for managing entries e.g., users, groups, DHCP settings stored in the LDAP directory. cross-site scripting vulnerability exists in LDAP Account Manager LAM versions prior to 8.0, which stems from the fact that if the PHP OpenSSL extension is not installed o...
totemomail Encryption Gateway Information Disclosure Vulnerability
totemomail Encryption Gateway is a gateway for email encryption. A security vulnerability exists in versions prior to totemomail Encryption Gateway 6.0b567. A remote attacker can exploit this vulnerability by performing a JSONP hijacking attack to obtain sensitive information about user sessions...