
49 matches found

EUVD
added 2025/10/31 3:30 p.m., 1 view

EUVD-2025-37350

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

CVSS 3.7, AI score 6, EPSS 0.00014
Exploits 0, References 2

Redos
added 2025/10/14 12:0 a.m., 3 views

ROS-20251014-08

A vulnerability in the Podman OCI container management and launching software tool is related to an insecure link following problem in the Podman Kube Play command. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 8.1, AI score 6.7, EPSS 0.00086
Exploits 0

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-37263

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.9, EPSS 0.00113
Exploits 0, References 3

Cvelist
added 2025/09/09 7:32 p.m., 3 views

CVE-2025-36011 IBM Jazz for Service Management information disclosure

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

CVSS 4.3, EPSS 0.00021
Exploits 0, References 1

CNNVD
added 2024/12/18 12:0 a.m., 1 view

Dell Inventory Collector security vulnerability

Dell Inventory Collector is a tool provided by Dell for collecting device information, mainly used to collect system information such as hardware configuration, operating system version, service packs, and so on from client systems. Dell Inventory Collector suffers from an incorrect link resoluti...

CVSS 7.8, AI score 6.8, EPSS 0.00126
Exploits 0, References 1

Cvelist
added 2024/10/28 12:55 p.m., 10 views

CVE-2024-50579

In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible...

CVSS 4.6, EPSS 0.07868
Exploits 0, References 1

CVE
added 2024/10/28 12:55 p.m., 41 views

CVE-2024-50579

JetBrains YouTrack is affected: before 2024.3.47707, it allows reflected XSS due to insecure link sanitization. Root cause is improper link cleaning. Impact is user-visible XSS without user interaction in some contexts; vendor advisory notes fix in 2024.3.47707. Remediation: upgrade to YouTrack 2...

CVSS 6.1, AI score 6.1, EPSS 0.07868
Exploits 0, References 1, Affected Software 1

CNNVD
added 2024/10/28 12:0 a.m., 1 view

JetBrains YouTrack security vulnerability

JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from a cross-site scripting vulnerability that stems from insecure link cleaning. No detailed vulnerability details are provided at this time...

CVSS 6.1, AI score 6, EPSS 0.07868
Exploits 0, References 1

NVD
added 2024/09/13 2:15 a.m., 12 views

CVE-2024-43180

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can...

CVSS 4.3, EPSS 0.00086
Exploits 0, References 2

CVE
added 2024/09/13 1:24 a.m., 49 views

CVE-2024-43180

IBM Concert Software 1.0 is affected by CVE-2024-43180 due to not setting the Secure attribute on authorization tokens or session cookies, enabling potential session hijacking when a user clicks an HTTP link. Affected product/version: IBM Concert Software 1.0. Root cause: cookies not marked secur...

CVSS 4.3, AI score 4.3, EPSS 0.00086
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2024/07/14 12:38 p.m., 27 views

CVE-2024-39734 IBM Datacap Navigator information disclosure

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent...

CVSS 4.3, AI score 6, EPSS 0.00066
Exploits 0, References 2

OSV
added 2024/07/10 4:15 p.m., 0 views

CVE-2023-33860

IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the...

CVSS 5.3, AI score 5.6, EPSS 0.00045
Exploits 0, References 2

UbuntuCve
added 2024/06/23 10:15 p.m., 16 views

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

CVSS 9.8, AI score 7.1, EPSS 0.00441
Exploits 0, References 10

NVD
added 2024/06/14 8:15 a.m., 14 views

CVE-2024-5995

The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused...

CVSS 8.8, EPSS 0.00234
Exploits 0, References 2

OSV
added 2024/05/03 5:15 p.m., 0 views

CVE-2021-20450

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...

CVSS 4.3, AI score 5.6
Exploits 0, References 2

Vulnrichment
added 2024/05/03 4:55 p.m., 12 views

CVE-2021-20450 IBM Cognos Controller information disclosure

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...

CVSS 4.3, AI score 6, EPSS 0.00086
Exploits 0, References 2

Vulnrichment
added 2024/03/15 3:8 p.m., 12 views

CVE-2023-46179 IBM Secure Proxy information disclosure

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure...

CVSS 4.3, AI score 5.9, EPSS 0.00036
Exploits 0, References 2

Cvelist
added 2024/03/15 3:8 p.m., 15 views

CVE-2023-46179 IBM Secure Proxy information disclosure

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure...

CVSS 4.3, AI score 4.3, EPSS 0.00036
Exploits 0, References 2

NVD
added 2023/11/13 2:15 a.m., 12 views

CVE-2023-38363

IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the...

CVSS 4.3, EPSS 0.00079
Exploits 0, References 2

NVD
added 2023/06/08 1:15 a.m., 9 views

CVE-2023-33847

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a sit...

CVSS 3.7, AI score 3.6, EPSS 0.00088
Exploits 0, References 4