Lucene search
K

159 matches found

OSV
OSV
added 2023/02/21 9:15 a.m.6 views

CVE-2023-0232

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection...

9.8CVSS5.8AI score0.03317EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:18 a.m.5 views

SUSE CVE-2005-2148

Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the...

7.5CVSS8.3AI score0.03405EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.4 views

SUSE CVE-2022-27776

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number...

4.3CVSS7.6AI score0.03425EPSS
Exploits1References60
OSV
OSV
added 2022/09/13 9:15 p.m.5 views

CVE-2022-22330

IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126...

5.3CVSS5.8AI score0.00726EPSS
Exploits0References2
OSV
OSV
added 2022/07/07 1:15 p.m.4 views

ALPINE-CVE-2022-32207

When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the...

9.8CVSS6.5AI score0.06823EPSS
Exploits1References1
OSV
OSV
added 2022/07/07 1:15 p.m.2 views

DEBIAN-CVE-2022-32207

When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the...

9.8CVSS7.1AI score0.06823EPSS
Exploits1References1
OSV
OSV
added 2022/06/24 5:15 p.m.5 views

CVE-2021-20355

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891...

5.3CVSS5.7AI score0.01031EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/02 2:15 p.m.4 views

CVE-2022-27776

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number...

6.5CVSS5.9AI score0.03425EPSS
Exploits1References10
OSV
OSV
added 2022/05/17 3:43 p.m.11 views

SUSE-SU-2022:1717-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe bsc1192153. - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite bsc1191963. - CVE-2021-32804: Fixed...

9.8CVSS8.3AI score0.21514EPSS
Exploits6References19
OSV
OSV
added 2022/05/17 7:13 a.m.13 views

SUSE-SU-2022:1694-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: - CVE-2021-44906: Fixed prototype pollution in npm dependency bsc1198247. - CVE-2021-44907: Fixed insuficient sanitation in npm dependency bsc1197283. - CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in...

9.8CVSS7.9AI score0.04581EPSS
Exploits2References7
OSV
OSV
added 2022/04/27 8:0 a.m.12 views

CURL-CVE-2022-27776 Auth/cookie leak on redirect

curl might leak authentication or cookie header data on HTTP redirects to the same host but another port number. When asked to send custom headers or cookies in its HTTP requests, curl sends that set of headers only to the host which name is used in the initial URL, so that redirects to other hos...

6.5CVSS7.2AI score0.03425EPSS
Exploits1
Cvelist
Cvelist
added 2022/03/23 8:20 p.m.26 views

CVE-2022-24757 Sensitive Auth & Cookie data stored in Jupyter server logs

The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are...

7.5CVSS7.7AI score0.01207EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.26 views

Mageia: Security Advisory (MGASA-2016-0423)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.06766EPSS
Exploits0References6
OSV
OSV
added 2021/09/28 7:15 p.m.3 views

CVE-2021-37267

Cross Site Scripting XSS vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information...

6.1CVSS5.8AI score0.00562EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/06 12:0 a.m.6 views

IBM Guardium Data Encryption 信息泄露漏洞

IBM Security Guardium Data Encryption is an American IBM software for securing sensitive data within an organization. The software protects assets located in cloud, virtual, big data and physical environments by controlling access to databases, files, applications and containers. An information...

8.8CVSS5.4AI score0.00722EPSS
Exploits0References3
CNVD
CNVD
added 2021/06/24 12:0 a.m.9 views

PHPGurukul Hospital Management System Cross-Site Scripting Vulnerability

PHPGurukul Hospital Management System is a web application for hospitals to manage doctors and patients. A persistent cross-site scripting vulnerability exists in \hms\admin\appointment-history.php in PHPGurukul Hospital Management System version 4.0. A remote attacker can exploit this...

5.4CVSS6.2AI score0.0052EPSS
Exploits1References1
NVD
NVD
added 2021/06/22 3:15 p.m.25 views

CVE-2020-22167

PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data...

5.4CVSS0.0052EPSS
Exploits1References1
Prion
Prion
added 2021/06/22 3:15 p.m.17 views

Cross site scripting

PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data...

3.5CVSS5.4AI score0.0052EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/06/22 2:13 p.m.23 views

CVE-2020-22167

PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data...

5.4AI score0.0052EPSS
Exploits1References1
CVE
CVE
added 2021/06/22 2:13 p.m.47 views

CVE-2020-22167

PHPGurukul Hospital Management System v4.0 contains a persistent cross-site scripting (XSS) vulnerability in hms/admin/appointment-history.php. The issue allows remote registered users to exploit the page to obtain user cookie data, indicating an information disclosure risk via stored or reflecte...

5.4CVSS5.4AI score0.0052EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder