Lucene search
K

159 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/16 10:27 p.m.4 views

CVE-2024-58343

Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References3
CVE
CVE
added 2026/04/16 10:27 p.m.8 views

CVE-2024-58343

CVE-2024-58343 affects Vision Helpdesk versions prior to 5.7.0, with a patch available in 5.6.10. The issue allows attackers to read user profiles by tampering serialized cookie data in vis_client_id. The CVSS v3.1 base score is 4.3 (MEDIUM) with network attack vector, low attack complexity, and ...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.8 views

PT-2026-33372

CVE-2024-58343 Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to vis client id. https://t.co/8Cf7DKLrcr...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References4
Malwarebytes
Malwarebytes
added 2026/03/27 10:49 a.m.4 views

Bogus Avast website fakes virus scan, installs Venom Stealer instead

A fake website impersonating Avast antivirus is tricking people into infecting their own computers. The site looks legitimate, runs what appears to be a virus scan, and claims your system is full of threats. But the results are fake: when you’re prompted to “fix” the problem, the download you’re...

5.7AI score
Exploits0
Snyk
Snyk
added 2026/02/10 11:54 a.m.6 views

Improper Output Neutralization for Logs

Overview io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the HTTP access logs with long pattern when the logging format is set to a verbos...

5.1CVSS5.6AI score0.00141EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.9 views

Asterisk 跨站脚本漏洞

Asterisk is a software for PBX systems developed by Asterisk OpenSource. It runs on Linux systems and supports IP calls using SIP, IAX, and H323 protocols. Versions prior to 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2 have cross-site scripting vulnerabilities. These vulnerabilities stem from...

6.1CVSS5.7AI score0.0016EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/15 5:51 p.m.4 views

Insertion of Sensitive Information into Log File

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File. httperrorlog. An attacker can obtain sensitive information through $COOKIE and $SERVER variables, includin...

8.8CVSS6.5AI score0.00393EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/15 4:38 p.m.3 views

CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...

8.6CVSS6.2AI score0.00393EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/15 4:38 p.m.4 views

EUVD-2026-2729

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...

8.6CVSS6AI score0.00393EPSS
Exploits0References7
CVE
CVE
added 2026/01/15 4:38 p.m.14 views

CVE-2026-23493

Pimcore stores sensitive data in http_error_log prior to versions 12.3.1 and 11.5.14, exposing $_COOKIE and $_SERVER variables (e.g., DB credentials, session data) via the backend. The issue is fixed in Pimcore 12.3.1 and 11.5.14. Mitigation: upgrade to these versions or apply vendor-provided pat...

8.6CVSS6.2AI score0.00393EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/15 4:38 p.m.3 views

CVE-2026-23493

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...

8.6CVSS5.5AI score0.00393EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/01/15 4:38 p.m.24 views

CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...

8.6CVSS0.00393EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.11 views

PT-2026-3074

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description Pimcore is an Open Source Data & Experience Management Platform. Prior to versions 12.3.1 and 11.5.14, the http error log file stores the $ COOKIE and $ SERVER...

8.6CVSS5.3AI score0.00393EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/01/09 10:8 a.m.13 views

CVE-2019-20849

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...

5.3CVSS6.9AI score0.00901EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-4385

Malware in sbrugna...

5CVSS6.2AI score0.01492EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-14932

Malware in sbrugna...

5.4CVSS5.5AI score0.0052EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-11386

Malware in sbrugna...

5.3CVSS5.6AI score0.00901EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2016-1200

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.06766EPSS
Exploits0References14
OSV
OSV
added 2025/08/04 10:2 p.m.4 views

CVE-2025-8528 Exrick xboot getMenuList sensitive information in a cookie

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The...

6.3CVSS4.3AI score0.00297EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2025/06/06 3:20 p.m.17 views

laravel-auth0 SDK Deserialization of Untrusted Data vulnerability

Overview The laravel-auth0 SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I Affected?...

9.3CVSS7.1AI score0.0062EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder