21 matches found
CVE-2026-46398 HAX CMS Missing Secure Flag on Cookie
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...
EUVD-2026-9829
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Heartbeat sync loop modules allows Sniffing Attacks. This vulnerability is associated with program files src/hbbshttp/sync.Rs and program routine...
CVE-2025-58406 Lack of HTTP Response Headers
The CGM CLININET application responds without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls...
CVE-2026-24439 Tenda W30E V2 Lacks X-Content-Type-Options Header
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003928)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003928 advisory. The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on th...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002392)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002392 advisory. The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended...
EUVD-2017-0288
Malware in sbrugna...
EUVD-2005-4698
Malware in sbrugna...
EUVD-2018-6514
Malware in sbrugna...
EUVD-2022-5275
Malicious code in bioql PyPI...
CVE-2008-4930
MyBB aka MyBulletinBoard 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing....
CVE-2022-36200
In FiberHome VDSL2 Modem HG150-UbV3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed...
UBUNTU-CVE-2020-12137
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...
Unspecified Vulnerability in Technicolor TC7337NET
Technicolor TC7337NET is a modem from the French company Technicolor. A security vulnerability exists in Technicolor TC7337NET version 08.89.17.23.03, which can be exploited by an attacker to discover passwords by sniffing the "Authorization:Basic" HTTP header in the network...
CVE-2017-6028
An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials...
WebKitGTK+ Late TLS Certificate Validation Vulnerability
WebKitGTK+ is a versatile port for the WebKit rendering engine. A security vulnerability exists in the Late TLS certificate validation of WebKitGTK+. A remote attacker can exploit this vulnerability to obtain secure HTTP request information via sniffing...
CVE-2016-5786
An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials over HTTP, where they could be sniffed by an attacker, which may result in the compromise of account credentials...
PT-2009-2842 · Aol +1 · Aim +1
Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions 10.5 through 10.5.6 Description: The issue allows remote attackers to obtain sensitive information by sniffing the network due to the disabling of SSL for AOL Instant Messenger AIM communication in certain circumstance...
PT-2008-4013 · Cre Loaded · Cre Loaded
Name of the Vulnerable Software and Affected Versions: CRE Loaded versions 6.2.13.1 and earlier Description: The issue is related to the handling of cookies over HTTPS. Specifically, the software does not set the "Secure" attribute for cookies sent over HTTPS, which could allow remote attackers t...