CVE-2022-28869

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number...

Improper Removal of Sensitive Information Before Storage or Transfer

Overview OpenTelemetry.Instrumentation.AspNetCore is an ASP.NET Core instrumentation for OpenTelemetry .NET Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer due to the logging of sensitive query parameters by default. This...

Reflected Cross-Site Scripting due to Improper Sanitization

Description User Input that is reflected in a JavaScript Context is not properly sanitized. The User Input is reflected inside of a single-quoted string and single-quotes are encoded. However, there is an issue with the entity removing HTML tags that prevents single-quotes from being encoded. Thi...

Django Vulnerable to Cache Poisoning

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...

Information disclosure

Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs...

CVE-2017-5384

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

DEBIAN-CVE-2011-4139

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...