386 matches found

EUVD
•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-0500

Malicious code in bioql PyPI...

CVSS 5.3 • AI score 4.2 • EPSS 0.00436
Exploits 1 • References 4

EUVD
•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-0229

Malicious code in bioql PyPI...

CVSS 7.5 • AI score 7.5 • EPSS 0.00541
Exploits 1 • References 5

EUVD
•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-2623

Malicious code in bioql PyPI...

CVSS 6.3 • AI score 6.3 • EPSS 0.00287
Exploits 1 • References 4

EUVD
•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-7649

Malicious code in bioql PyPI...

CVSS 7.5 • AI score 4.7 • EPSS 0.00515
Exploits 0 • References 7

EUVD
•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-0236

Malicious code in bioql PyPI...

CVSS 5.3 • AI score 5.3 • EPSS 0.00385
Exploits 1 • References 4

EUVD
•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-19849

Malicious code in bioql PyPI...

CVSS 6.5 • AI score 6.4 • EPSS 0.00247
Exploits 0 • References 7

EUVD
•added 2025/10/03 8:7 p.m.•4 views

EUVD-2023-42180

Malicious code in bioql PyPI...

CVSS 4.3 • AI score 5.1 • EPSS 0.00569
Exploits 0 • References 2

RedhatCVE
•added 2025/09/11 8:27 p.m.•4 views

CVE-2025-36011

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

CVSS 4.3 • AI score 6.5 • EPSS 0.00165
Exploits 0 • References 1

CVE
•added 2025/09/09 7:32 p.m.•11 views

CVE-2025-36011

CVE-2025-36011 affects IBM Jazz for Service Management versions 1.1.3.0–1.1.3.24. The underlying issue is that authorization tokens and session cookies are stored without the Secure attribute, enabling cookie disclosure if a user is directed to or visits an insecure HTTP link. This could allow an...

CVSS 4.3 • AI score 6 • EPSS 0.00165
Exploits 0 • References 1 • Affected Software 1

IBM Security Bulletins
•added 2025/09/09 11:56 a.m.•7 views

Security Bulletin: IBM Jazz for Service Management is vulnerable to "cookiesEnabled" cookie not sent over SSL

Summary IBM Jazz for Service Management is vulnerable to "cookiesEnabled" cookie not sent over SSL CVE-2025-36011. Vulnerability Details CVEID:CVE-2025-36011 DESCRIPTION: IBM Jazz for Service Management does not set the secure attribute on authorization tokens or session cookies. Attackers may be...

CVSS 4.3 • AI score 6.4 • EPSS 0.00165
Exploits 0 • Affected Software 1

Positive Technologies
•added 2025/09/09 12:0 a.m.•4 views

PT-2025-36933

Name of the Vulnerable Software and Affected Versions: IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.24 Description: IBM Jazz for Service Management does not set the secure attribute on authorization tokens or session cookies. This may allow attackers to obtain cookie values by...

CVSS 4.3 • AI score 6.1 • EPSS 0.00165
Exploits 0 • References 4

NVD
•added 2025/09/03 8:15 p.m.•5 views

CVE-2025-55162

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. Whe...

CVSS 8.8 • EPSS 0.0031
Exploits 1 • References 2

CVE
•added 2025/09/03 7:51 p.m.•19 views

CVE-2025-55162

CVE-2025-55162 affects Envoy (OAuth2 filter). The issue is insufficient Session Expiration: when cookie names are __Secure- or __Host-, the filter fails to add the Secure attribute to the Set-Cookie header during deletion, causing cookies to persist and enabling session hijacking on shared machin...

CVSS 8.8 • AI score 6.3 • EPSS 0.0031
Exploits 1 • References 2 • Affected Software 1

Redos
•added 2025/08/28 12:0 a.m.•2 views

ROS-20250828-03

The Apache Tomcat application server vulnerability is due to Apache Tomcat not setting the "Secure" attribute for the session cookie JSESSIONID when using RemoteIpFilter with requests received from a reverse proxy server over HTTP and containing an X-Forwarded-Proto header set to https...

CVSS 4.3 • AI score 7.5 • EPSS 0.01831
Exploits 0

Tenable Nessus
•added 2025/07/28 12:0 a.m.•3 views

FreeBSD : Mozilla -- cookie shadowing (5abc2187-685e-11f0-a12d-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5abc2187-685e-11f0-a12d-b42e991fc52e advisory. [email protected] reports: Setting a nameless cookie with an equals sign in the value shadowed other...

CVSS 9.1 • AI score 5.5 • EPSS 0.00219
Exploits 0 • References 3

SUSE CVE
•added 2025/07/23 11:25 p.m.•4 views

SUSE CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

CVSS 5.4 • AI score 7.3 • EPSS 0.00219
Exploits 0 • References 6

OSV
•added 2025/07/22 9:15 p.m.•4 views

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

CVSS 9.1 • AI score 5.8 • EPSS 0.00219
Exploits 0 • References 5

NVD
•added 2025/07/22 9:15 p.m.•4 views

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

CVSS 9.1 • EPSS 0.00219
Exploits 0 • References 5

CVE
•added 2025/07/22 8:49 p.m.•79 views

CVE-2025-8037

CVE-2025-8037 affects Mozilla Firefox (and Thunderbird) browsers when a nameless cookie value contains an equals sign, shadowing other cookies. Affected: Firefox <141, Firefox ESR <140.1, Thunderbird <141, Thunderbird

CVSS 9.1 • AI score 7.3 • EPSS 0.00219
Exploits 0 • References 5 • Affected Software 2

ATTACKERKB
•added 2025/07/22 8:49 p.m.•4 views

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

CVSS 9.1 • AI score 5.8 • EPSS 0.00219
Exploits 0 • References 6