25 matches found
EUVD-2016-6219
Malware in sbrugna...
EUVD-2003-0330
Malware in sbrugna...
EUVD-2022-34416
Malicious code in bioql PyPI...
EUVD-2025-16912
Malicious code in bioql PyPI...
CVE-2025-53861
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data...
CVE-2025-53861 Aap: sensitive cookie(s) set without security flags
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data...
CVE-2025-53861
The CVE-2025-53861 vulnerability affects Red Hat Ansible, where cookies are set without the secure flag over non‑encrypted channels. This exposes transmitted data to potential disclosure via Man-in-the-Middle (MitM) and can enable Cross‑Site Scripting (XSS) attempts. The underlying issue is cooki...
CVE-2025-53861 Aap: sensitive cookie(s) set without security flags
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data...
AZL-64187 CVE-2025-6019 affecting package libblockdev 2.28-3
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...
CVE-2024-47833
Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advis...
CVE-2021-34370
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information...
CVE-2024-8272
CVE-2024-8272 affects macOS Universal Audio (UAConnect) and targets the com.uaudio.bsd.helper service. The issue is a missing validation of clients during XPC IPC: the service does not verify code requirements, entitlements, or security flags of connecting clients, enabling unauthorized clients t...
CVE-2024-8272 macOS Universal Audio (UAConnect) <= 2.7.0 - Local Privilege Escalation
The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to...
Sensitive Cookie In HTTPS Session Without "Secure" Attribute
taipy is vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute. The vulnerability is due to the improper setting of security flags on session cookies. An attacker can intercept or tamper with the cookie over insecure connections by exploiting the lack of Secure and HttpOnly...
CVE-2022-1704
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup...
CVE-2022-1704
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup...
CVE-2022-1704
CVE-2022-1704 affects Inductive Automation Ignition. The issue arises from parsing XML in the backup/restore functionality without XML security flags, enabling a potential XML External Entity (XXE) attack. Affected products/versions include: Ignition 8.1.x up to before 8.1.8, and Ignition 7.9.x b...
Inductive Automation Ignition Code Issue Vulnerability
Inductive Automation Ignition is a suite of integrated software platforms for SCADA systems from Inductive Automation, Inc. The platform supports SCADA Data Acquisition and Monitoring Systems, HMI Human Machine Interface and more. A code issue vulnerability exists in Inductive Automation Ignition...
Xxe
OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external entity injection attack...
PT-2022-14948 · Openkm · Openkm Community Edition
Name of the Vulnerable Software and Affected Versions: OpenKM Community Edition versions 6.3.10 and earlier Description: The issue allows an attacker to perform an XML external entity injection attack due to the use of the XMLReader parser in the XMLTextExtractor.java file without the required...