13 matches found
CVE-2026-46398
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...
CVE-2025-62311
HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...
PT-2026-40954
HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...
CVE-2026-32683
Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video...
HCL DevOps Deploy 安全漏洞
HCL DevOps Deploy is an application from HCL India. It can be mapped to your organizational structure using flexible team-based and role-based security models. HCL DevOps Deploy has a security vulnerability that stems from the explicit transmission of sensitive information, which could lead to th...
EUVD-2018-16641
Malware in sbrugna...
EUVD-2023-37987
Malicious code in bioql PyPI...
EUVD-2022-0561
Malicious code in bioql PyPI...
CVE-2021-42699
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account...
GHSA-9XFW-JJQ2-7V8H 1Panel set-cookie is missing the Secure keyword
Summary The https cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text when accessing http accidentally. https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Set-Cookiesecure PoC Directly configure https for the panel, and the...
CURL-CVE-2020-8231 wrong connect-only connection
An application that performs multiple requests with libcurl's multi API and sets the CURLOPTCONNECTONLY option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl picks and uses the wrong connection - and instead picks another one the...
CVE-2019-12408
It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...
CVE-2017-12123
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin...