
13 matches found

CNNVD
added 2026/06/11 12:00 a.m., 12 views

boruta-server security vulnerability

Boruta-Server is an open-source independent authorization server developed by Malach.it. Versions of Boruta-Server prior to 0.9.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of the Secure attribute for session cookies and remember-me cookies. In deployments whe...

CVSS 8.8 · AI score 5.3 · EPSS 0.00259
Exploits: 0 · References: 1
Positive Technologies
added 2026/04/07 12:00 a.m., 5 views

PT-2026-30806

Name of the Vulnerable Software and Affected Versions: Rack::Session versions 2.0.0 through 2.1.1. Description: Rack::Session is a session management implementation for Rack. Versions 2.0.0 through 2.1.1 incorrectly handle decryption failures when configured with secrets. If cookie decryption fails,...

CVSS 9.8 · AI score 5.9 · EPSS 0.0027
Exploits: 1 · References: 22
EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2021-1484

Malware in sbrugna...

CVSS 7.5 · AI score 7.4 · EPSS 0.00455
Exploits: 0 · References: 5
RedhatCVE
added 2025/08/30 6:20 p.m., 4 views

CVE-2025-58049

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...

CVSS 7.5 · AI score 6.8 · EPSS 0.00341
Exploits: 1 · References: 1
OSV
added 2025/08/28 5:43 p.m., 4 views

CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...

CVSS 5.8 · AI score 6.7 · EPSS 0.00341
Exploits: 1 · References: 5
Github Security Blog
added 2025/08/28 3:10 p.m., 8 views

XWiki PDF export jobs store sensitive cookies unencrypted in job statuses

Impact: The PDF export uses a background job that runs on the server side. Jobs like this have a status that is serialized in the permanent directory when the job is finished. The job status includes the job request. The PDF export job request is initialized, before the job starts, with some conte...

CVSS 7.5 · AI score 6.8 · EPSS 0.00341
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2025/08/28 3:10 p.m., 2 views

GHSA-9M7C-M33F-3429 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses

Impact: The PDF export uses a background job that runs on the server side. Jobs like this have a status that is serialized in the permanent directory when the job is finished. The job status includes the job request. The PDF export job request is initialized, before the job starts, with some conte...

CVSS 5.8 · AI score 6.8 · EPSS 0.00341
Exploits: 1 · References: 5
CNNVD
added 2025/08/28 12:00 a.m., 4 views

XWiki Platform security vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions prior to 16.4.8 and 17.4.0-rc-1, which stems from the unencrypted storage of sensitive cookies in PDF export jobs...

CVSS 7.5 · AI score 6.4 · EPSS 0.00341
Exploits: 1 · References: 4
RedhatCVE
added 2025/05/22 7:36 p.m., 11 views

CVE-2021-29481

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...

CVSS 7.5 · AI score 5.6 · EPSS 0.00455
Exploits: 0 · References: 1
The Hacker News
added 2024/10/11 8:34 a.m., 34 views

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to...

CVSS 9.8 · AI score 10 · EPSS 0.99979
Exploits: 19
CNNVD
added 2023/02/01 12:00 a.m., 6 views

Last Yard security vulnerability

Last Yard is a shelf-edge promotional platform from Last Yard Australia. A security vulnerability exists in Last Yard version 22.09.8-1, which stems from the unencrypted transmission of its cookies making them accessible to attackers...

CVSS 5.3 · AI score 5.7 · EPSS 0.00394
Exploits: 1 · References: 2
CNNVD
added 2022/10/07 12:00 a.m., 4 views

tiny-csrf security vulnerability

tiny-csrf is a small CSRF library by independent developer Vincent Alexander Saulys. It is intended to replace the work done by csurf before it was removed. A security vulnerability exists in versions of tiny-csrf prior to 1.1.0, which stems from the fact that cookies are not encrypted, and thus CSR...

CVSS 8.1 · AI score 7 · EPSS 0.00392
Exploits: 0 · References: 3
OSV
added 2021/10/27 1:15 a.m., 4 views

CVE-2021-35236

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...

CVSS 5.3 · AI score 6.1 · EPSS 0.00502
Exploits: 0 · References: 2