CVE-2025-59101

Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...

CVE-2025-59101

Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...

EUVD-2025-206365

Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...

PT-2026-4751

Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...

CVE-2025-41081 Reflected Cross-Site Scripting (XSS) in IsMyGym

Reflected Cross-Site Scripting XSS vulnerability in IsMyGym by Zuinq Studio. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL with '/.php/'. This vulnerability can be exploited to steal sensitive user data, such as session...

MiracleLinux 7 : httpd24-nghttp2-1.7.1-7.el7, httpd24-curl-7.61.1-1.el7, httpd24-httpd-2.4.34-7.el7 (AXSA:2019-3739:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3739:01 advisory. httpd: Improper handling of headers in modsession can allow a remote user to modify session data for CGI applications CVE-2018-1283 httpd: Out of...

Pimcore ENV Variables and Cookie Informations are exposed in http_error_log

Summary The httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. Details It’s better to remove both lines, as this information make...

CVE-2019-2290

Multiple open and close from multiple threads will lead camera driver to access destroyed session data pointer in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W,...

CVE-2025-23363

A vulnerability has been identified in Teamcenter V14.1 All versions, Teamcenter V14.2 All versions, Teamcenter V14.3 All versions V14.3.0.14, Teamcenter V2312 All versions V2312.0010, Teamcenter V2406 All versions V2406.0008, Teamcenter V2412 All versions V2412.0004. The SSO login service of...

CVE-2025-62330

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive...

CVE-2023-53870

Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information...

CVE-2025-62330

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive...

CVE-2025-62330

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive...

CVE-2025-62330 HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive...

CVE-2025-62330

CVE-2025-62330 affects HCL DevOps Deploy. The vulnerability arises from cleartext transmission due to the HTTP port remaining accessible and not redirecting to HTTPS, enabling an attacker with network access to intercept or modify user credentials and session data via passive monitoring or MITM-s...

EUVD-2025-203509

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive...

CVE-2025-62330 HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive...

HCL DevOps Deploy 安全漏洞

HCL DevOps Deploy is an application from HCL India. It can be mapped to your organizational structure using flexible team-based and role-based security models. HCL DevOps Deploy has a security vulnerability that stems from the explicit transmission of sensitive information, which could lead to th...

PT-2025-51374

Name of the Vulnerable Software and Affected Versions HCL DevOps Deploy affected versions not specified Description HCL DevOps Deploy allows sensitive information to be transmitted in cleartext because the HTTP port remains accessible and does not redirect to HTTPS. This could allow an attacker...

Race Condition

Agno is vulnerable to a race condition. The vulnerability is due to improper handling of sessionstate under high concurrency during run or arun calls, which allows an attacker to cause session data to be incorrectly assigned and persisted, potentially exposing one user's session data to another...