
22 matches found

Positive Technologies
added 2026/04/01 12:0 a.m., 2 views

PT-2026-29623

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits 0, References 3

OSV
added 2026/03/25 5:32 p.m., 3 views

GHSA-5J35-XR4G-VWF4 @grackle-ai/server has a Missing Secure Flag on Session Cookie

Impact: The session cookie is set with HttpOnly; SameSite=Lax; Path=/ but does not include the Secure flag. This means the cookie will be sent over plain HTTP connections. Since the server binds to 127.0.0.1 by default and uses HTTP not HTTPS, this is acceptable for localhost use. However, when...

2.3 CVSS, 5.8 AI score
Exploits 0, References 2

Amd
added 2025/11/11 12:0 a.m., 9 views

Missing Use of the Secure Flag in Zynq™ UltraScale+™ SoC Trusted Firmware

Summary: A researcher reported that the security state of the calling processor into Trusted Firmware TF-A is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SoC...

8.6 CVSS, 6.6 AI score, 0.00033 EPSS
Exploits 0

CNNVD
added 2025/10/21 12:0 a.m., 1 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Security Vulnerability

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from the lack of Secure and HTTPOnly...

5.3 CVSS, 6.6 AI score, 0.00041 EPSS
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-41405

Malicious code in bioql PyPI...

5.9 CVSS, 6.1 AI score, 0.00125 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 11:15 p.m., 2 views

CVE-2022-38846

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel HTTP. An attacker may capture the cookie from the insecure channel using MITM attack...

5.9 CVSS, 6 AI score, 0.00125 EPSS
Exploits 1, References 1

NVD
added 2024/11/07 9:15 a.m., 14 views

CVE-2024-30142

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel...

3.8 CVSS, 0.00032 EPSS
Exploits 0, References 1

CVE
added 2024/11/07 8:58 a.m., 48 views

CVE-2024-30142

HCL BigFix Compliance is affected by a missing secure flag on a cookie, enabling cookie theft via XSS and potentially unauthorized access or cookies transmitted over unencrypted channels. The CVE refers to vulnerability in product HCL BigFix Compliance (reported as 2024-30142) and is corroborated...

3.8 CVSS, 4.1 AI score, 0.00032 EPSS
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2024/11/07 8:58 a.m., 20 views

CVE-2024-30142 HCL BigFix Compliance is affected by a missing secure flag on a cookie

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel...

3.8 CVSS, 6.8 AI score, 0.00032 EPSS
Exploits 0, References 1

Cvelist
added 2024/11/07 8:58 a.m., 14 views

CVE-2024-30142 HCL BigFix Compliance is affected by a missing secure flag on a cookie

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel...

3.8 CVSS, 0.00032 EPSS
Exploits 0, References 1

Cvelist
added 2024/07/26 11:34 a.m., 15 views

CVE-2024-41684 Cookie Without Secure Flag Set Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system...

6.9 CVSS, 0.00112 EPSS
Exploits 0, References 1

OSV
added 2024/03/06 10:52 a.m., 12 views

BIT-ESPOCRM-2022-38846

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel HTTP. An attacker may capture the cookie from the insecure channel using MITM attack...

5.9 CVSS, 5.6 AI score, 0.00125 EPSS
Exploits 1, References 1

BDU FSTEC
added 2023/06/07 12:0 a.m., 1 views

The vulnerability of the ABB eSOMS software for managing production processes allows a hacker to gain unauthorized access to protected information.

The vulnerability of the ABB eSOMS production process management software lies in the absence of a “Secure” flag in the session cookie files. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to protected information...

4 CVSS, 0.00162 EPSS
Exploits 0, References 2, Affected Software 1

NVD
added 2022/09/16 2:15 p.m., 7 views

CVE-2022-38846

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel HTTP. An attacker may capture the cookie from the insecure channel using MITM attack...

5.9 CVSS, 0.00125 EPSS
Exploits 1, References 1

ATTACKERKB
added 2022/09/16 2:15 p.m., 1 views

CVE-2022-38846

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel HTTP. An attacker may capture the cookie from the insecure channel using MITM attack...

5.9 CVSS, 5.8 AI score, 0.00125 EPSS
Exploits 1, References 2

OSV
added 2022/09/16 2:15 p.m., 7 views

CVE-2022-38846

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel HTTP. An attacker may capture the cookie from the insecure channel using MITM attack...

5.9 CVSS, 6.7 AI score
Exploits 0, References 1

Prion
added 2022/09/16 2:15 p.m., 16 views

Design/Logic Flaw

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel HTTP. An attacker may capture the cookie from the insecure channel using MITM attack...

2.6 CVSS, 5.7 AI score, 0.00125 EPSS
Exploits 1, References 1, Affected Software 1

CVE
added 2022/09/16 1:15 p.m., 51 views

CVE-2022-38846

CVE-2022-38846 affects EspoCRM 7.1.8 with a Missing Secure Flag in cookies, allowing cookies to be sent over HTTP and potentially captured via MITM. Vulnerable component is the cookie security flag handling; impact is exposure of cookies from an insecure channel. The available connected documents...

5.9 CVSS, 5.6 AI score, 0.00125 EPSS
Exploits 1, References 1, Affected Software 1

Cvelist
added 2022/09/16 1:15 p.m., 8 views

CVE-2022-38846

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel HTTP. An attacker may capture the cookie from the insecure channel using MITM attack...

5.8 AI score, 0.00125 EPSS
Exploits 1, References 1

Cvelist
added 2021/10/27 12:57 a.m., 12 views

CVE-2021-35236 Missing Secure Flag From SSL Cookie

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...

3.1 CVSS, 5.5 AI score, 0.00497 EPSS
Exploits 0, References 2