Lucene search

46 matches found

ATTACKERKB
added 2026/05/11 5:0 p.m. | 5 views

CVE-2026-44658

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4 CVSS | 5.8 AI score | 0.00044 EPSS
Exploits 0 | References 2 | Affected Software 1
NVD
added 2026/04/01 9:17 p.m. | 3 views

CVE-2026-4820

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3 CVSS | 0.00013 EPSS
Exploits 0 | References 1
Cvelist
added 2026/04/01 8:54 p.m. | 15 views

CVE-2026-4820 IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3 CVSS | 0.00013 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/04/01 8:54 p.m. | 1 views

CVE-2026-4820 IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits 0 | References 1
NVD
added 2026/02/04 9:15 p.m. | 2 views

CVE-2023-38281

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

5.3 CVSS | 0.00014 EPSS
Exploits 0 | References 1
Cvelist
added 2026/02/04 8:45 p.m. | 22 views

CVE-2023-38281 Multiple Vulnerabilities in IBM Cloud Pak System

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

5.3 CVSS | 0.00014 EPSS
Exploits 0 | References 1
EUVD
added 2026/02/04 8:45 p.m. | 3 views

EUVD-2023-42101

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

5.3 CVSS | 5.4 AI score | 0.00014 EPSS
Exploits 0 | References 2
Vulnrichment
added 2025/10/31 1:5 p.m. | 5 views

CVE-2025-36249 IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

3.7 CVSS | 6.1 AI score | 0.00013 EPSS
Exploits 0 | References 1
Cvelist
added 2025/10/16 12:0 a.m. | 5 views

CVE-2025-61536

FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset magic links using the untrusted req.headers.host header and forces the http:// scheme. An attacker who can control the Host header or exploit a misconfigured proxy/load-balancer that forwards the header unchanged can cause reset lin...

0.00066 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-26010

Malware in sbrugna...

4.3 CVSS | 4.8 AI score | 0.00172 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-27475

Malicious code in bioql PyPI...

4.3 CVSS | 4.9 AI score | 0.00172 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/09/09 12:0 a.m. | 2 views

PT-2025-36933

Name of the Vulnerable Software and Affected Versions: IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.24 Description: IBM Jazz for Service Management does not set the secure attribute on authorization tokens or session cookies. This may allow attackers to obtain cookie values by...

4.3 CVSS | 6.1 AI score | 0.00023 EPSS
Exploits 0 | References 4
RedhatCVE
added 2025/09/07 6:11 p.m. | 5 views

CVE-2025-30199

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station...

7.5 CVSS | 6.9 AI score | 0.00044 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/09/05 12:0 a.m. | 2 views

PT-2025-36259

Name of the Vulnerable Software and Affected Versions: ECOVACS vacuum robot base stations affected versions not specified Description: ECOVACS vacuum robot base stations do not validate firmware updates, allowing malicious over-the-air updates to be sent to the base station via an insecure...

7.5 CVSS | 6.2 AI score | 0.00044 EPSS
Exploits 0 | References 5
Vulnrichment
added 2025/06/28 12:49 a.m. | 4 views

CVE-2025-36026 IBM Datacap information disclosure

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

4.3 CVSS | 6.6 AI score | 0.00091 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 10:42 a.m. | 5 views

CVE-2024-43180

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can...

4.3 CVSS | 6.4 AI score | 0.00086 EPSS
Exploits 0
OSV
added 2025/01/27 2:15 a.m. | 0 views

CVE-2024-28770

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user...

6.5 CVSS | 5.6 AI score
Exploits 0 | References 1
OSV
added 2025/01/27 2:15 a.m. | 2 views

CVE-2024-28771

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user...

6.5 CVSS | 5.6 AI score | 0.00043 EPSS
Exploits 0 | References 1
NVD
added 2025/01/27 2:15 a.m. | 9 views

CVE-2024-28771

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user...

6.5 CVSS | 0.00043 EPSS
Exploits 0 | References 1
NVD
added 2025/01/03 11:15 p.m. | 14 views

CVE-2024-55897

IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure...

4.3 CVSS | 0.00068 EPSS
Exploits 0 | References 1