429 matches found
EUVD-2025-19846
Malicious code in bioql PyPI...
EUVD-2024-47778
Malicious code in bioql PyPI...
EUVD-2024-54601
Malicious code in bioql PyPI...
Digisol DG-GR6821AC Router Security Vulnerability
Digisol DG-GR6821AC Router is a WiFi router from Digisol India. A security vulnerability exists in the Digisol DG-GR6821AC Router, which stems from the session cookie not being configured with the Secure and HttpOnly flags, which could lead to a remote attacker obtaining sensitive information...
Unspecified Vulnerability in Endress+Hauser MEAC300-FNADE4 (CNVD-2025-16350)
The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4 that stems from the HttpOnly flag not being set, which can be exploited by an attacker to cause session...
CVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...
CVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...
CVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...
CVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...
CVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...
CVE-2025-27453
CVE-2025-27453 affects Endress+Hauser MEAC300-FNADE4. The underlying issue is an HttpOnly flag misconfiguration on the PHPSESSION cookie, allowing access via JavaScript and enabling potential session hijacking. Public-facing documents consistently describe this as a vulnerability in the MEAC300-F...
PT-2025-27782
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the HttpOnly flag being set to false on the PHPSESSION cookie, allowing it to be accessed by other sources such as JavaScript. Recommendations: At the moment, there is no...
Endress+Hauser MEAC300-FNADE4 Security Vulnerability
The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4 that stems from the HttpOnly flag not being set, which can be exploited by an attacker to cause session...
CVE-2025-49189
The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies...
CVE-2025-49189
The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies...
CVE-2025-49189
The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies...
CVE-2025-49189 Cookie missing HttpOnly flag
The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies...
CVE-2025-49189
CVE-2025-49189 describes a flaw where the HttpOnly flag on the session cookie "@@" is set to false, enabling client-side access to cookies and increasing the risk of Cross-Site Scripting. The provided sources indicate a medium impact (CVSS 3.1 base ~6.1; confidentiality/integrity impacts low) wit...
CVE-2025-49189 Cookie missing HttpOnly flag
The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies...
PT-2025-25315
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the session cookie @@ with its HttpOnly flag set to false. This setting increases the risk of Cross-Site Scripting attacks targeting stored cookies, as it allows client-side...