4 matches found
Use of GET Request Method With Sensitive Query Strings
Overview org.apache.openmeetings:openmeetings-parent is a web-conferencing software. Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the REST login endpoint when sensitive information such as username and password is transmitted as...
Use of Hard-coded Cryptographic Key
Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...
CVE-2026-33266
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...
Unchecked Input for Loop Condition
Overview System.Formats.Nrbf is a package that exposes only one component: NrbfDecoder: a stateless, forward-only decoder class that can decode .NET Remoting Binary Format NRBF binary data from a stream. Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via th...