5 matches found
PT-2026-36542
Name of the Vulnerable Software and Affected Versions bandit versions 1.0.0 through 1.10.f Description Reliance on untrusted inputs in a security decision allows unauthenticated transport-state spoofing on plaintext HTTP connections. The function determine scheme/2 in Elixir.Bandit.Pipeline retur...
CVE-2026-41468
Beghelli Sicuro24 SicuroWeb uses AngularJS 1.5.2, an end-of-life component, which together with in-app template injection enables sandbox escape and arbitrary JavaScript execution in operator browser sessions. This can lead to session hijacking, DOM manipulation, and persistent browser compromise...
CVE-2025-41772 wwwupdate.cgi Session token in URL
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR...
Cleartext Transmission of Sensitive Information
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the gateway.controlUi.allowInsecureAuth configuration when it is explicitly enabled and the gateway is exposed over plaintext HTTP. An...
CVE-2022-2338
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may...