
7677 matches found

Vulnrichment
added 2025/04/24 9:25 a.m. · 7 views

CVE-2021-47662 Unauthenticated remote shutdown of the cobot

Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button...

7.5 CVSS · 7.1 AI score · 0.00381 EPSS
Exploits 0 · References 1
CVE
added 2025/04/24 9:25 a.m. · 46 views

CVE-2021-47662

CVE-2021-47662 is associated with Franka Emika Robot. The vulnerability arises from missing authorization, enabling an unauthenticated remote attacker to trigger a shutdown button over HTTPS and cause a denial-of-service. Connected sources confirm the issue affects the Franka Emika Robot hardware...

7.5 CVSS · 7.2 AI score · 0.00381 EPSS
Exploits 0 · References 1
OSSF Malicious Packages
added 2025/04/23 3:52 p.m. · 3 views

Malicious code in https-agen-chii (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0
Positive Technologies
added 2025/04/23 12:0 a.m. · 3 views

PT-2025-17675 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue concerns the transmission of sensitive information via URL or query parameters, which could be exposed to an unauthorized actor using man-in-the-middle techniques...

3.7 CVSS · 5.7 AI score · 0.00144 EPSS
Exploits 0 · References 8
BDU FSTEC
added 2025/04/23 12:0 a.m. · 3 views

The vulnerability of the HTTPS protocol implementation in ConneXium Network Manager’s software for network management allows a perpetrator to carry out a “man-in-the-middle” attack.

The vulnerability of the HTTPS protocol implementation in ConneXium Network Manager software relates to the use of files and directories accessible to external parties. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...

10 CVSS · 5.5 AI score · 0.0025 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2025/04/20 10:15 p.m. · 2 views

CVE-2020-36845

The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL...

6.1 CVSS · 5.9 AI score · 0.00211 EPSS
Exploits 1 · References 1
GithubExploit
added 2025/04/16 6:24 p.m. · 236 views

Exploit for CVE-2025-26244

CVE-2025-26244-POC The code to exploit this vulnerability can...

6.3 AI score
Exploits 1
Citrix
added 2025/04/16 12:0 a.m. · 4 views

NetScaler: Troubleshooting SSO Failures Over VPN Mode

SSO failures over VPN mode on NetScaler can often be traced to limitations in HTTPS inspection, misconfigured session or traffic policies, or incomplete authentication setups. By carefully reviewing these areas—especially the VPN mode, session policies, and authentication flow—you can...

7.4 AI score
Exploits 0
Exploit DB
added 2025/04/10 12:0 a.m. · 163 views

Centron 19.04 - Remote Code Execution (RCE)

Exploit Title : Centron 19.04 - Remote Code Execution RCE Tested on Centreon API 19.04.0 Centreon 19.04 - Login Password Bruteforcer Written on 6 Nov 2019 Referencing API Authentication of the Centreon API document Author: st4rry centbruteon.py Centreon Download Link:...

7.4 AI score
Exploits 0
Vulnrichment
added 2025/04/09 10:12 a.m. · 5 views

CVE-2025-2222

CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and potential privilege escalation following man in the middle attack...

8.2 CVSS · 7.2 AI score · 0.0025 EPSS
Exploits 0 · References 1
Cvelist
added 2025/04/08 7:13 a.m. · 12 views

CVE-2025-26654 Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud)

SAP Commerce Cloud Public Cloud does not allow to disable unencrypted HTTP port 80 entirely, but instead allows a redirect from port 80 to 443 HTTPS. As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request befor...

6.8 CVSS · 0.00145 EPSS
Exploits 0 · References 2
IBM Security Bulletins
added 2025/04/02 10:14 p.m. · 10 views

Security Bulletin: IBM Content Navigator is vulnerable to cross-site scripting

Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2024-56341 DESCRIPTION: IBM Content Navigator is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus...

5.4 CVSS · 6.4 AI score · 0.00182 EPSS
Exploits 0 · Affected Software 1
Citrix
added 2025/04/02 12:0 a.m. · 8 views

Session Recording 2402 - Sessions not getting recorded even though Session Recording is enabled

When the user logs on, users were not seeing the Session Recording notification and also the sessions did not get recorded. We can see some 0KB files on the server side. Session Recording policy was set to record sessions for all users with notification. Session Recording Agent was configured to...

7.1 AI score
Exploits 0
Positive Technologies
added 2025/03/31 12:0 a.m. · 4 views

PT-2025-13932 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.5 macOS Sequoia versions prior to 15.4 macOS Sonoma versions prior to 14.7.5 Description: The issue allows a malicious app acting as a HTTPS proxy to access sensitive user data. This is achieved through inadequate...

9.8 CVSS · 6 AI score · 0.00855 EPSS
Exploits 0 · References 7
IBM Security Bulletins
added 2025/03/26 2:16 a.m. · 41 views

Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.

Summary BAYEUXBROWSER cookie is generated from Cometd Server and it remains live with the session. In older versions of cometd server, BAYEUXBROWSER cookie was neither true for https nor for secure. But in the current version ie. 5.0.3, there is a provision to make the cookie true for https and...

5.3 CVSS · 4.1 AI score · 0.00706 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2025/03/26 2:2 a.m. · 58 views

Security Bulletin: This Power System update is being released to address CVE 2021-29891

Summary POWER9: In response to a security issue with BMC's HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2021-29891. Vulnerability Details CVEID:CVE-2021-29891 DESCRIPTION: IBM OPENBMC could allow a privileged...

4.9 CVSS · 5.2 AI score · 0.00388 EPSS
Exploits 0 · Affected Software 1
RedhatCVE
added 2025/03/20 3:44 p.m. · 19 views

CVE-2024-44276

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information...

7.3 CVSS · 5.6 AI score · 0.00243 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/03/20 10:10 a.m. · 4 views

CVE-2024-10718 Cookie without Secure attribute in phpipam/phpipam

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0...

5.3 CVSS · 5.1 AI score · 0.00312 EPSS
Exploits 1 · References 2
CNNVD
added 2025/03/20 12:0 a.m. · 2 views

phpIPAM security vulnerability

phpIPAM is an open-source, PHP- and MySQL-based IP address management (IPAM) application. A security vulnerability exists in phpIPAM version 1.5.1, which stems from an unset Secure attribute for sensitive cookies in an HTTPS session, which could result in a user agent...

7.5 CVSS · 5.4 AI score · 0.00312 EPSS
Exploits 1 · References 2
OSV
added 2025/03/17 8:16 p.m. · 9 views

RLSA-2025:1670 Important: bind9.18 security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

7.5 CVSS · 7.7 AI score · 0.15664 EPSS
Exploits 0 · References 3