Lucene search
K

13 matches found

NVD
NVD
added 2026/06/05 8:17 p.m.18 views

CVE-2026-46398

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...

8.8CVSS0.00183EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:6 p.m.6 views

CVE-2025-62311

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...

4.3CVSS5.8AI score0.0008EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.11 views

PT-2026-40954

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...

4.3CVSS5.8AI score0.0008EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.17 views

CVE-2026-32683

Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video...

5.3CVSS5.8AI score0.00088EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.4 views

HCL DevOps Deploy 安全漏洞

HCL DevOps Deploy is an application from HCL India. It can be mapped to your organizational structure using flexible team-based and role-based security models. HCL DevOps Deploy has a security vulnerability that stems from the explicit transmission of sensitive information, which could lead to th...

5.9CVSS6.7AI score0.00133EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-16641

Malware in sbrugna...

6.5CVSS6.6AI score0.01023EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-37987

Malicious code in bioql PyPI...

7.5CVSS7.8AI score0.00264EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0561

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00449EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 6:51 p.m.8 views

CVE-2021-42699

The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account...

5.9CVSS6.6AI score0.0048EPSS
Exploits0
OSV
OSV
added 2024/02/05 8:19 p.m.23 views

GHSA-9XFW-JJQ2-7V8H 1Panel set-cookie is missing the Secure keyword

Summary The https cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text when accessing http accidentally. https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Set-Cookiesecure PoC Directly configure https for the panel, and the...

3.5CVSS7.3AI score0.00304EPSS
Exploits0References5
OSV
OSV
added 2020/08/19 8:0 a.m.6 views

CURL-CVE-2020-8231 wrong connect-only connection

An application that performs multiple requests with libcurl's multi API and sets the CURLOPTCONNECTONLY option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl picks and uses the wrong connection - and instead picks another one the...

7.5CVSS7.3AI score0.03721EPSS
Exploits1
Debian CVE
Debian CVE
added 2019/11/08 6:20 p.m.6 views

CVE-2019-12408

It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...

7.5CVSS7.3AI score0.03225EPSS
Exploits0
OSV
OSV
added 2018/05/14 8:29 p.m.6 views

CVE-2017-12123

An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin...

8.8CVSS5.8AI score0.01049EPSS
Exploits2References1
Rows per page
Query Builder