20 matches found
CVE-2026-33400 Wallos: Stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint allows any authenticated user to inject arbitrary JavaScript that executes when any user visits the Settings,...
EUVD-2017-18423
Malware in sbrugna...
EUVD-2025-1702
Malicious code in bioql PyPI...
CVE-2025-53757 Insecure Cookie Flags Vulnerability in Digisol DG-GR6821AC Router
This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated with the router web interface. A remote attacker could exploit this vulnerability by capturing the session cookies transmitted over an unsecure HTTP...
CVE-2025-53757
The CVE-2025-53757 entry concerns the Digisol DG-GR6821AC Router. The root cause is misconfiguration of both Secure and HttpOnly session cookie flags on the router’s web interface, allowing a remote attacker to capture cookies over unencrypted HTTP. This could lead to disclosure of sensitive info...
CVE-2023-31238
A vulnerability has been identified in SICAM P850 7KG8500-0AA00-0AA0 All versions V3.11, SICAM P850 7KG8500-0AA00-2AA0 All versions V3.11, SICAM P850 7KG8500-0AA10-0AA0 All versions V3.11, SICAM P850 7KG8500-0AA10-2AA0 All versions V3.11, SICAM P850 7KG8500-0AA30-0AA0 All versions V3.11, SICAM P8...
Cross-site Scripting (XSS)
Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker with a user-level account can manipulate session cookies to hijack administrator sessions, leading to unauthorized actions and potential system compromise by embedding a...
CVE-2025-24390 Missing Cookie Flags
A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X...
CVE-2025-24390
The CVE-2025-24390 issue affects OTRS Application Server and reverse proxy configurations, enabling session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. Affected: OTRS 7.0.X, 8.0.X, 2023.X, 2024.X. Root cause: incomplete cookie security attributes in HTTPS ...
CVE-2025-0479
This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. A remote attacker could exploit this vulnerability by intercepting data transmissions during an HTTP session on the vulnerable system. Successful exploitation of this...
CP Plus CP-XR-DE21-S Security Vulnerability
The CP Plus CP-XR-DE21-S is a wireless router from CP Plus. A security vulnerability exists in the CP Plus CP-XR-DE21-S that stems from insecure handling of cookie flags used in the web interface, which can be exploited by an attacker to obtain sensitive information and compromise the target syst...
PT-2025-3910 · Cp Plus · Cp Plus Router
Name of the Vulnerable Software and Affected Versions: CP Plus Router affected versions not specified Description: This issue exists due to insecure handling of cookie flags used within the web interface of the CP Plus Router. A remote attacker could exploit this by intercepting data transmission...
Cookie Set For Parent Domain
HTTP by itself is a stateless protocol. Therefore the server is unable to determine which requests are performed by which client, and which clients are authenticated or unauthenticated. The use of HTTP cookies within the headers, allows a web server to identify each individual client and can...
Jaws 1.1.1 Open Redirect / Object Injection / Cookie Flags Vulnerabilities
Jaws version 1.1.1 suffers from object injection, open redirection, and cookie flag related vulnerabilities. 1. Introduction Affected Product: Jaws 1.1.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://jaws-project.com/ Vulnerability Type: Object Injection, Open Redirect, Cooki...
Jaws 1.1.1 Open Redirect / Object Injection / Cookie Flags
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Jaws 1.1.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://jaws-project.com/ Vulnerability Type: Object Injection, Open Redirect, Cookie Flags Remote Exploitable: Yes Reported to vendor: 09/05/2016...
IBM WebSphere Application Server 8.5 < 8.5.5.10 Multiple Vulnerabilities
Binary data 9720.prm...
Jobberbase 2.0 - Multiple Vulnerabilities
Jobberbase: http://www.jobberbase.com/ Version: 2.0 By Ross Marks: http://www.rossmarks.co.uk 1 Local path disclosure - change any variable to an array and in most cases it will tell you the local path where the application is installed eg...
Micro Focus Filr 2 2.0.0.421, Filr 1.2 1.2.0.846 - Multiple Vulnerabilities
Exploit for php platform in category web applications title: Multiple vulnerabilities product: Micro Focus former Novell Filr Appliance vulnerable version: Filr 2 =2.0.0.421, Filr 1.2 = 1.2.0.846 fixed version: Filr 2 v2.0.0.465, Filr 1.2 v1.2.0.871 CVE number: CVE-2016-1607, CVE-2016-1608,...
Micro Focus (Novell) Filr 1.2 <= 1.2.0.846 / 2 <= 2.0.0.421 Multiple Vulnerabilities
Micro Focus Novell Filr is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:microfocus:filr"; i...