EUVD-2026-31878
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...
PT-2026-43320
Name of the Vulnerable Software and Affected Versions: Joomla, affected versions not specified. Description: The password and username reset features generate plain http links even when https connections are used, provided the "Force SSL" flag is not explicitly enabled. This leads to a transport...
CVE-2026-33400 Wallos: Stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint allows any authenticated user to inject arbitrary JavaScript that executes when any user visits the Settings,...
EUVD-2009-0896
Malware in sbrugna...
EUVD-2021-14505
Malware in sbrugna...
Red Hat Ansible Security Vulnerability
Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to distribute, manage, and program computer systems. A security vulnerability exists in Red Hat Ansible that stems from a missing security flag and could lead to man-in-the-middle...
Eaton Foreseer Reporting Software Security Vulnerability
Eaton Foreseer Reporting Software is a report generation tool for electrical power monitoring systems (EPMS) from Eaton Corporation that collects power data in real time and generates analytical reports to help organizations optimize energy management and equipment performance. A security...
SyroTech SY-GPON-1110-WDONT Information Disclosure Vulnerability (CNVD-2024-34377)
The SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. The SyroTech SY-GPON-1110-WDONT suffers from an information disclosure vulnerability that stems from a missing security flag in a session cookie associated with the router's web management interface. An attacker could exploit thi...
SyroTech SY-GPON-1110-WDONT Security Vulnerability
The SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. The SyroTech SY-GPON-1110-WDONT suffers from an information disclosure vulnerability that stems from a missing security flag in a session cookie associated with the router's web management interface. An attacker could exploit thi...
Missing Entitlement Check
github.com/moby/buildkit is vulnerable to a Missing Entitlement Check. The vulnerability is due to improper validation of the security.insecure entitlement flag within the BuildKit APIs. An attacker can run a malicious container with elevated permissions as a result of this flaw...
Synology Router Manager (SRM) 1.2.x Multiple Vulnerabilities (Synology-SA-20:14)
Synology Router Manager (SRM) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
EspoCRM Security Vulnerability
EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM version 7.1.8 that stems from a missing security flag that allows...
CVE-2021-40650
In Connx Version 6.2.0.1269 20210623, a cookie can be issued by the application and not have the secure flag set...
IBM Cognos Analytics Information Disclosure Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. An information disclosure...
BTCPay Server Information Disclosure Vulnerability
BTCPay Server is a self-hosted open source cryptocurrency payment processor. It is secure, private, uncensored and free. A cross-site scripting vulnerability exists in BTCPay Server 1.0.7.0 and earlier versions. The vulnerability stems from a failure to set a security flag for a cookie. An attack...
Unspecified Vulnerability in ABB eSOMS (CNVD-2020-19561)
ABB eSOMS is a plant operations management system from ABB Switzerland. ABB eSOMS contains a security vulnerability that originates from not setting a security flag in the HTTP response header, which can be exploited by an attacker to obtain cookie information...
Objective Development Little Snitch Password Signature Verification Failure Vulnerability
Objective Development Little Snitch is a suite of personal security software for Mac from the Austrian company Objective Development. A security vulnerability exists in Objective Development Little Snitch versions 4.0 through 4.0.6, which stems from the program failing to send the...
Apache Tomcat CloudBees Jenkins Security Bypass Vulnerability
Apache Tomcat is a lightweight web application server developed under the Jakarta project of the Apache Software Foundation in the United States; it is mainly used for developing and debugging JSP programs in small and medium-sized systems. CloudBees Jenkins is one of a set of products from the U.S. company CloudBees,...
IBM Kenexa LCMS Premier on Cloud Information Disclosure Vulnerability (CNVD-2017-04799)
IBM Kenexa LCMS Premier on Cloud is an adjustable Learning Content Management System (LCMS) for developing, maintaining, and delivering effective employee training from IBM USA. A security vulnerability exists in IBM Kenexa LCMS Premier on Cloud that stems from the program failing to set a security...
IBM DataPower Gateway Cookies Session Missing Security Attributes Vulnerability
IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B, and cloud workloads that protects, integrates, and optimizes access across channels...