13 matches found
boruta-server 安全漏洞
Boruta-Server is an open-source independent authorization server developed by Malach.it. Versions of Boruta-Server prior to 0.9.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of the Secure attribute for session cookies and remember-me cookies. In deployments whe...
PT-2026-30806
Name of the Vulnerable Software and Affected Versions Rack::Session versions 2.0.0 through 2.1.1 Description Rack::Session is a session management implementation for Rack. Versions 2.0.0 through 2.1.1 incorrectly handle decryption failures when configured with secrets. If cookie decryption fails,...
EUVD-2021-1484
Malware in sbrugna...
CVE-2025-58049
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...
CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...
XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
Impact The PDF export uses a background job that runs on the server-side. Jobs like this have a status that is serialized in the permanent directory when the job is finished. The job status includes the job request. The PDF export job request is initialized, before the job starts, with some conte...
GHSA-9M7C-M33F-3429 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
Impact The PDF export uses a background job that runs on the server-side. Jobs like this have a status that is serialized in the permanent directory when the job is finished. The job status includes the job request. The PDF export job request is initialized, before the job starts, with some conte...
XWiki Platform 安全漏洞
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions prior to 16.4.8 and 17.4.0-rc-1, which stems from the unencrypted storage of sensitive cookies in PDF export jobs...
CVE-2021-29481
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...
CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance
The U.S. Cybersecurity and Infrastructure Security Agency CISA is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager LTM module to conduct reconnaissance of target networks. It said the module is being used to...
Last Yard 安全漏洞
Last Yard is a shelf-edge promotional platform from Last Yard Australia. A security vulnerability exists in Last Yard version 22.09.8-1, which stems from the unencrypted transmission of its cookies making them accessible to attackers...
tiny-csrf 安全漏洞
tiny-csrf is a small csrf library by Vincent Alexander Saulys personal developer. It is intended to replace the work done by csurf before it was removed. A security vulnerability exists in versions of tiny-csrf prior to 1.1.0, which stems from the fact that cookies are not encrypted, and thus CSR...
CVE-2021-35236
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...