17 matches found

OSV
added 2026/05/09 12:30 p.m.

OESA-2026-2217 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads wi...

CVSS 9.8, AI score 5.8, EPSS 0.00051
Exploits: 1, References: 9
Github Security Blog
added 2026/03/23 9:44 p.m.

H3: Unbounded Chunked Cookie Count in Session Cleanup Loop may Lead to Denial of Service

Summary: The setChunkedCookie and deleteChunkedCookie functions in h3 trust the chunk count parsed from a user-controlled cookie value chunkedN without any upper bound validation. An unauthenticated attacker can send a single request with a crafted cookie header, e.g., Cookie: h3=chunked999999, to a...

AI score 5.9
Exploits: 0, References: 4, Affected software: 1
Positive Technologies
added 2026/02/25 12:00 a.m.

PT-2026-21977

Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0. Description: OpenEMR is an electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check within the library/auth.inc.php file could be bypassed...

CVSS 7.5, AI score 5.3, EPSS 0.00191
Exploits: 1, References: 6
OSV
added 2025/11/25 3:15 p.m.

CVE-2025-36134

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie...

CVSS 7.5, AI score 5.7, EPSS 0.00025
Exploits: 0, References: 1
Tenable Nessus
added 2025/11/12 12:00 a.m.

EulerOS 2.0 SP10 : curl (EulerOS-SA-2025-2382)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: 1. A cookie is set using the secure keyword for https://target. 2. curl is redirected to or otherwise made to speak with http://target (same hostname),...

CVSS 7.5, AI score 6.4, EPSS 0.00275
Exploits: 1, References: 2
CNNVD
added 2025/09/29 12:00 a.m.

MyCourts security vulnerability

MyCourts is a court management platform from MyCourts UK. A security vulnerability exists in MyCourts v3, which stems from a lack of input validation in the LTA number profile field, which could lead to a stored cross-site scripting attack, and could be exploited to hijack a user session due to t...

CVSS 7.3, AI score 5.9, EPSS 0.00026
Exploits: 0, References: 1
NVD
added 2025/08/27 5:15 p.m.

CVE-2025-57821

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a...

CVSS 4.2, EPSS 0.00059
Exploits: 0, References: 4
CVE
added 2025/08/27 4:32 p.m.

CVE-2025-57821

CVE-2025-57821 concerns Basecamp’s Google Sign-In for Rails. Before v1.3.0, a malformed redirect URL can bypass the same-origin check, allowing redirects to an attacker-controlled origin. If Rails apps store flash data in a session cookie, this can be chained with an attack that injects arbitrary...

CVSS 4.2, AI score 6.9, EPSS 0.00059
Exploits: 0, References: 4
IBM Security Bulletins
added 2025/03/04 9:04 a.m.

Security Bulletin: Vulnerability in Flask affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-30861]

Summary: The Flask package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE, CVE-2023-30861. Vulnerability Details: CVEID: CVE-2023-30861. DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused by...

CVSS 7.5, AI score 6.1, EPSS 0.00221
Exploits: 1, Affected software: 1
Positive Technologies
added 2024/03/18 12:00 a.m.

PT-2024-21239 · Amss++ · Amss++

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31. Description: The issue is related to insufficient encoding of user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through the "/amssplus/modules/book/main/bookdetail khet person.php" API endpoint,...

CVSS 7.1, AI score 5.8, EPSS 0.00035
Exploits: 0, References: 6
CNNVD
added 2024/02/29 12:00 a.m.

HCL Technologies HCL BigFix Platform Cross-Site Scripting Vulnerability

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management, and remediation of endpoint security issues. Web is a Golang HTTP server from Ian Spence, a personal developer. Used for...

CVSS 5.4, AI score 4.2, EPSS 0.00597
Exploits: 0, References: 2
CNNVD
added 2023/08/31 12:00 a.m.

iCMS security vulnerability

iCMS is a software application. An efficient and simple content management system built with PHP and MySQL. A security vulnerability exists in iCMS versions prior to 2.16.1, which arises from a sensitive cookie in an HTTPS session that does not have a security attribute...

CVSS 3.5, AI score 5, EPSS 0.00044
Exploits: 1, References: 3
Vulnrichment
added 2023/06/02 12:00 a.m.

CVE-2023-29547

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for...

AI score 6.1, EPSS 0.00366
Exploits: 0, References: 2
Vulnrichment
added 2022/11/14 12:00 a.m.

CVE-2022-37109

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when...

AI score 9.7, EPSS 0.06951
Exploits: 3, References: 4
CNNVD
added 2022/10/17 12:00 a.m.

WordPress Plugin Passster cryptographic issues vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 5.9, AI score 6, EPSS 0.00209
Exploits: 1, References: 2
Positive Technologies
added 2019/10/28 12:00 a.m.

PT-2019-17035 · Ibm · Ibm Security Guardium Big Data Intelligence

Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Big Data Intelligence SonarG version 4.0. Description: The issue is related to the software not setting the secure attribute for cookies in HTTPS sessions. This could cause the user agent to send those cookies in plaintex...

CVSS 4.3, AI score 3.5, EPSS 0.00284
Exploits: 0, References: 4
OSV
added 2016/07/07 2:59 p.m.

CVE-2016-2923

IBM WebSphere Application Server WAS 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script acces...

CVSS 7.5, AI score 7.3
Exploits: 0, References: 3