159 matches found
CVE-2024-58343
Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...
CVE-2024-58343
CVE-2024-58343 affects Vision Helpdesk versions prior to 5.7.0, with a patch available in 5.6.10. The issue allows attackers to read user profiles by tampering serialized cookie data in vis_client_id. The CVSS v3.1 base score is 4.3 (MEDIUM) with network attack vector, low attack complexity, and ...
PT-2026-33372
CVE-2024-58343 Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to vis client id. https://t.co/8Cf7DKLrcr...
Bogus Avast website fakes virus scan, installs Venom Stealer instead
A fake website impersonating Avast antivirus is tricking people into infecting their own computers. The site looks legitimate, runs what appears to be a virus scan, and claims your system is full of threats. But the results are fake: when you’re prompted to “fix” the problem, the download you’re...
Improper Output Neutralization for Logs
Overview io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the HTTP access logs with long pattern when the logging format is set to a verbos...
Asterisk 跨站脚本漏洞
Asterisk is a software for PBX systems developed by Asterisk OpenSource. It runs on Linux systems and supports IP calls using SIP, IAX, and H323 protocols. Versions prior to 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2 have cross-site scripting vulnerabilities. These vulnerabilities stem from...
Insertion of Sensitive Information into Log File
Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File. httperrorlog. An attacker can obtain sensitive information through $COOKIE and $SERVER variables, includin...
CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...
EUVD-2026-2729
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...
CVE-2026-23493
Pimcore stores sensitive data in http_error_log prior to versions 12.3.1 and 11.5.14, exposing $_COOKIE and $_SERVER variables (e.g., DB credentials, session data) via the backend. The issue is fixed in Pimcore 12.3.1 and 11.5.14. Mitigation: upgrade to these versions or apply vendor-provided pat...
CVE-2026-23493
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...
CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...
PT-2026-3074
Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description Pimcore is an Open Source Data & Experience Management Platform. Prior to versions 12.3.1 and 11.5.14, the http error log file stores the $ COOKIE and $ SERVER...
CVE-2019-20849
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...
EUVD-2014-4385
Malware in sbrugna...
EUVD-2020-14932
Malware in sbrugna...
EUVD-2019-11386
Malware in sbrugna...
EUVD-2016-1200
Malicious code in bioql PyPI...
CVE-2025-8528 Exrick xboot getMenuList sensitive information in a cookie
A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The...
laravel-auth0 SDK Deserialization of Untrusted Data vulnerability
Overview The laravel-auth0 SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I Affected?...