CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

UBUNTU-CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

Znuny 安全漏洞

Znuny is a work order system from Znuny, Inc. A security vulnerability exists in Znuny 7.1.3 and earlier versions that stems from a cookie not setting the HttpOnly flag...

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

CVE-2025-26844

The CVE-2025-26844 vulnerability affects Znuny up to version 7.1.3 where a cookie is set without the HttpOnly flag. The underlying issue is improper cookie configuration, enabling cookies to be accessible to client-side scripts. This could, per the available references, contribute to session-rela...

CVE-2025-24318 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Sensitive Cookie Without 'HttpOnly' Flag

Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise...

CVE-2025-24318 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Sensitive Cookie Without 'HttpOnly' Flag

Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise...

CVE-2024-5848 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation

A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious...

CVE-2024-36788

Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices...

Cookie Poisoning

Quarkus-HTTP is vulnerable to Cookie Poisoning. The vulnerability is due to improper parsing of cookies with specific value-delimiting characters, allowing attackers to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values...

GHSA-CXRX-Q234-M22M io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...

Undertow incorrectly parses cookies

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

GHSA-3JRV-JGP8-45V3 Undertow incorrectly parses cookies

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

UBUNTU-CVE-2023-4639

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

CVE-2023-4639 Undertow: cookie smuggling/spoofing

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

CVE-2023-4639 Undertow: cookie smuggling/spoofing

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

CVE-2024-49764 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This...

PYSEC-2024-168

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advis...