12 matches found
CVE-2026-27193 Feathers exposes internal headers via unencrypted session cookie
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth servi...
EUVD-2006-5790
Malware in sbrugna...
EUVD-2013-2898
Malware in sbrugna...
EUVD-2013-3966
Malware in sbrugna...
CVE-2024-6295 udn News App - Insecure Data Storage
The udn News Android app stores the unencrypted user session in the local database when the user logs into the application. A malicious app or an attacker with physical access to the Android device can retrieve this session and use it to log into the news app and other services provided by udn...
Ratpack security vulnerability
Ratpack is a Java library for building scalable HTTP applications. A security vulnerability exists in Ratpack versions prior to 1.9.0, which stems from a default configuration of a client session that results in unencrypted but signed data being set as a cookie value. An attacker could exploit th...
Code injection
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the...
Vaultek Gun Safe VT20i Information Disclosure Vulnerability (CNVD-2018-00316)
The Vaultek Gun Safe VT20i aka BlueSteal is a fingerprint-enabled gun safe product. A security vulnerability exists in the Vaultek Gun Safe VT20i that stems from the program's failure to encrypt the session between the Android application and the safe. An attacker could exploit the vulnerability ...
CVE-2017-17436
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and...
Apple iOS unprotected multipeer data leakage vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in the Apple iOS convenience initializer processing that allows the encryption level to be reduced to a non-encrypted session, resulting in the disclosure of sensitive data...
Design/Logic Flaw
The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack...
BlackHat topic analysis: analysis of BGP hijacking exploitation - vulnerability warning - the black bar safety net
BGP hijacking was covered at the DEF CON conference in 2008, and in 2015 it was selected as a topic at Black Hat, which shows the seriousness of the problem. Three feet of ice does not form in a single cold day; BGP hijacking is an issue that organizations around the world need to work together to solve. 0x00 What is ...