10 matches found
EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2026-2341)
According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in...
TencentOS Server 3: libsoup (TSSA-2026:0368)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0368 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
OESA-2026-2380 libsoup3 security update
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A flaw was found in libsoup. When establishing HTTPS tunnels throu...
Use of Persistent Cookies Containing Sensitive Information
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Use of Persistent Cookies Containing Sensitive Information in the SESSIONSAVEEVERYREQUEST. An attacker can hijack a user's sessio...
PT-2026-29358
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every registered user on the platform. While the endpoint verifies admin session status, it does not validate a CSRF token...
CVE-2026-0696
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
EUVD-2020-25912
Malware in sbrugna...
PT-2024-9851 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.12 Description: The issue is related to the exposure of user credentials and session cookies in backup files. This is due to incorrect removal of critical data. An attacker could exploit this to revea...
The vulnerability of the Session Cookie Handler component of the Ragic Enterprise Cloud Database platform allows a hacker to obtain user session cookies.
The vulnerability of the Session Cookie Handler component of the Ragic Enterprise Cloud Database platform’s tool for creating customizable databases is related to the lack of authentication for the critical function. Exploiting this vulnerability could allow a malicious actor to obtain user sessi...
SUSE CVE-2022-1655
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and...