26 matches found
CVE-2025-13219 Multiple vulnerabilities in IBM Aspera Orchestrator
IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...
CVE-2026-22644
Certain requests pass the authentication token in the URL as a string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...
CVE-2025-52351
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL e.g., https://domain.com/activate=xyz. This practice can result in password exposure via...
CVE-2021-39126
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions a...
USN-4898-1 curl vulnerabilities
Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2021-22876 Mingtao Yang discovered that curl incorrectly handled session tickets when using an HTTPS proxy. A...
CSRF token theft through referrer headers - CVE-2021-39126
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions a...
Shopify: your-store.myshopify.com preview link is leaked on a third-party website, leading to preview of all actions from the store owner without the store password.
Hi Security Team, Description: It has been identified that the application is leaking a Link to third-party sites. In this case it was found that the Link is being leaked to third-party sites, which is an issue knowing the fact that it can allow any malicious users to use the Link to catch/preview all...
CVE-2013-2674
Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers...
Real-Time Phishing Protections
In my previous blogs, I wrote about how phishing is no longer just an email problem, how the industrialization of phishing is being driven by the easy availability and low cost of phishing toolkits, and how current phishing defenses are being bypassed by attackers. In this post, I'm going to...
jolokia: system-wide CSRF that could lead to Remote Code Execution
A flaw was found in Jolokia, versions 1.2 through 1.6.0, where Jolokia did not correctly handle checking for origin and referrer headers when strict checking was enabled. An attacker could use this vulnerability to conduct cross-site request forgery or further attacks...
CVE-2017-1669
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636...
IBM BigFix Platform Information Disclosure Vulnerability (CNVD-2017-32855)
IBM BigFix Platform (formerly IBM Tivoli Endpoint Manager) is system management software. An information disclosure vulnerability exists in IBM BigFix Platform versions 9.2 and 9.5, which can be exploited by remote attackers to access URLs via server logs, referrer headers, or browser history...
Zulu - Zscaler Malware Scanning Service
Zscaler has launched a new free online service called Zulu that can assess the security risk associated with URLs by analyzing the content they point to, as well as the reputation of their corresponding domain names and IP addresses. Zulu allows security...
Class Action Suits Target Google, Facebook, Zynga
A raft of class action lawsuits filed in Federal court charge the globe’s biggest social networking firms with violating federal communications privacy laws, allowing advertisers to profit from personal information harvested from users. Weeks after the Wall Street Journal blew the whistle on lax...
Ubuntu Update for firefox vulnerabilities USN-592-1
Ubuntu Update for Linux kernel vulnerabilities USN-592-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5921.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox vulnerabilities USN-592-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
DSA-1534-2 iceape - regression
Bulletin has no description...
Debian: Security Advisory (DSA-1534-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1535-1 (iceweasel)
The remote host is missing an update to iceweasel announced via advisory DSA 1535-1. OpenVAS Vulnerability Test $Id: deb15351.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1535-1 iceweasel Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
Debian DSA-1532-1 : xulrunner - several vulnerabilities
This shares a lot of text with dsa-1534.wml, dsa-1535.wml, dsa-1574.wml Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4879 Peter Broderse...
Debian DSA-1534-1 : iceape - several vulnerabilities
This shares a lot of text with dsa-1532.wml, dsa-1535.wml, dsa-1574.wml Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : -...