32 matches found
Siemens SIMATIC S7-1500 Sensitive Cookie Without 'HttpOnly' Flag (CVE-2025-38477)
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate. A race condition can occur when 'agg' is modified in qfq_change_agg called during qfq_enqueue while other threads access it concurrently. For example, qfq_dump_class may trigger a...
Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29154)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from the lack of Secure and HTTPOnly...
CVE-2025-52614
HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site...
CVE-2025-52614
CVE-2025-52614 affects HCL Unica Platform. The issue is a cookie without the HTTPOnly flag, enabling a malicious actor to induce the event by sending users crafted links, directly or via a site. Public sources provide the vulnerability description but do not specify affected versions, exploit det...
EUVD-2022-29894
Malicious code in bioql PyPI...
IBM Security Directory Integrator and IBM Security Verify Directory security vulnerability
IBM Security Verify Directory and IBM Security Directory Integrator are both products of International Business Machines (IBM). IBM Security Verify Directory is part of an authentication and access management solution. IBM Security Directory Integrator is an integrated development environment and...
PT-2024-4345 · NetGear · Netgear Wnr614
Name of the Vulnerable Software and Affected Versions: Netgear WNR614 JNR1010V2 N300-V1.1.0.54 1.0.1 Description: The issue is related to the improper setting of the HTTPOnly flag for cookies, allowing attackers to possibly intercept and access sensitive communications between the router and...
CVE-2023-2876
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 firmware modules, ABB REX640 PCL2 Firmware modules, ABB REX640 PCL3 firmware modules allows Cross-Site Scripting (XSS). This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3...
SUSE CVE-2022-1655
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and...
CVE-2022-22330
IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126...
CVE-2021-38879
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057...
PT-2022-10794 · Ibm · Ibm Jazz Team Server
Name of the Vulnerable Software and Affected Versions: IBM Jazz Team Server versions 6.0.6 through 7.0.2 Description: The issue is caused by the failure to set the HTTPOnly flag, allowing a remote attacker to obtain sensitive information from the cookie. A remote attacker could exploit this to...
PT-2022-9184 · Ibm · Ibm Jazz Team Server
Name of the Vulnerable Software and Affected Versions: IBM Jazz Team Server versions 6.0.6 through 7.0.2 Description: The issue is caused by the failure to set the HTTPOnly flag, allowing a remote attacker to obtain sensitive information from the cookie. A remote attacker could exploit this to...
CVE-2022-25151
Within the Service Desk module of the ITarian platform SAAS and on-premise, a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by using this vulnerabilit...
PT-2022-17103 · Itarian · Itarian
Name of the Vulnerable Software and Affected Versions: ITarian platform SAAS and on-premise affected versions not specified Description: A remote attacker can obtain sensitive information due to the failure to set the HTTP Only flag within the Service Desk module. This issue can be exploited in...
CVE-2022-25151
CVE-2022-25151 affects ITarian Platform – Service Desk (SaaS and on‑premise). Root cause: cookies not marked HttpOnly, enabling sensitive data exposure. Exploitation requires combination with a user XSS to access the management interface. In the published advisories, SaaS patches were released up...
PT-2022-2718 · Siemens · Desigo Pxc4 +3
Name of the Vulnerable Software and Affected Versions: Desigo DXR2 versions prior to V01.21.142.5-22 Desigo PXC3 versions prior to V01.21.142.4-18 Desigo PXC4 versions prior to V02.20.142.10-10884 Desigo PXC5 versions prior to V02.20.142.10-10884 Description: The issue is related to the applicati...
HCL BigFix Platform security vulnerability
HCL Technologies HCL BigFix Platform is a suite of endpoint security management platform from HCL Technologies, India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Platform that stems from a cookie...
PT-2022-9852 · Hcl +1 · Hcl Bigfix Webui +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a cookie without the HTTPONLY flag set. It is mentioned that NUMBER cookies was set without Secure or HTTPOnly flags. The images show...
ADC Vulnerability: pwcount Cookie Missing HTTP Only Flag
Customer is failing PCI scan because the ADC Gateway server pwcount cookie is not showing with HTTP only flag set...