
Github Security Blog
added 2023/10/17 12:41 p.m., 89 views

Go Fiber CSRF Token Validation Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and...

CVSS 8.8 · AI score 8.9 · EPSS 0.00265
Exploits 0 · References 5 · Affected Software 1

OSV
added 2023/10/17 12:40 p.m., 25 views

GHSA-94W9-97P3-P368 CSRF Token Reuse Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform...

CVSS 9.6 · AI score 9.4 · EPSS 0.00313
Exploits 0 · References 5

Vulnrichment
added 2023/10/16 8:45 p.m., 16 views

CVE-2023-45128 CSRF Token Reuse Vulnerability in fiber

Fiber is an Express-inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to injec...

CVSS 10 · AI score 7 · EPSS 0.00313
Exploits 0 · References 2

ATTACKERKB
added 2023/09/05 7:15 a.m., 3 views

CVE-2023-41908

Cerebrate before 1.15 lacks the Secure attribute for the session cookie...

CVSS 5.3 · AI score 5.8 · EPSS 0.0036
Exploits 0 · References 3

OSV
added 2023/09/05 7:15 a.m., 15 views

CVE-2023-41908

Cerebrate before 1.15 lacks the Secure attribute for the session cookie...

CVSS 5.3 · AI score 7.1
Exploits 0 · References 2

Cvelist
added 2023/09/05 12:00 a.m., 18 views

CVE-2023-41908

Cerebrate before 1.15 lacks the Secure attribute for the session cookie...

AI score 5.6 · EPSS 0.0036
Exploits 0 · References 2

Vulnrichment
added 2023/09/05 12:00 a.m., 9 views

CVE-2023-41908

Cerebrate before 1.15 lacks the Secure attribute for the session cookie...

AI score 6.9 · EPSS 0.0036
Exploits 0 · References 2

CVE
added 2023/09/05 12:00 a.m., 29 views

CVE-2023-41908

Cerebrate (pre-1.15) has a vulnerability where the session cookie lacks the Secure attribute, enabling potential cookie interception over insecure channels. The issue affects Cerebrate versions prior to 1.15. The documented remediation is to upgrade to 1.15 or later, which ensures the session coo...

CVSS 5.3 · AI score 5.3 · EPSS 0.0036
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2023/09/05 12:00 a.m., 3 views

Cerebrate security breach

Cerebrate is an open source platform. It is intended to act as an interconnection coordinator between trusted contact information providers and other security tools. A security vulnerability exists in Cerebrate that stems from the lack of a Secure attribute on session cookies...

CVSS 5.3 · AI score 6.6 · EPSS 0.0036
Exploits 0 · References 3

Positive Technologies
added 2023/09/04 12:00 a.m., 4 views

PT-2023-28161 · Cerebrate · Cerebrate

Name of the Vulnerable Software and Affected Versions: Cerebrate versions prior to 1.15
Description: The issue is related to the lack of the Secure attribute for the session cookie. This means that the session cookie is transmitted over an insecure channel, potentially allowing an attacker to...

CVSS 5.3 · AI score 5.1 · EPSS 0.0036
Exploits 0 · References 7

CVE
added 2023/08/31 12:00 a.m., 39 views

CVE-2023-4654

The CVE-2023-4654 issue affects instantsoft/icms2 prior to 2.16.1, where an HTTPS session cookie is marked without the Secure attribute. Multiple sources (NVD entry, Red Hat advisory) corroborate this description. The root cause is the missing Secure flag on a session cookie, enabling potential c...

CVSS 3.5 · AI score 3.8 · EPSS 0.00289
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2023/08/31 12:00 a.m., 10 views

CVE-2023-4654 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...

CVSS 2.6 · AI score 6.8 · EPSS 0.00289
Exploits 1 · References 2

Positive Technologies
added 2023/08/31 12:00 a.m., 3 views

PT-2023-30070 · Unknown · Instantsoft/Icms2

Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1
Description: The issue concerns a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute. This problem is identified in the GitHub repository instantsoft/icms2.
Recommendations: For...

CVSS 3.5 · AI score 3.6 · EPSS 0.00289
Exploits 1 · References 6

OSV
added 2023/08/15 7:15 p.m., 1 view

CVE-2023-4336

Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard cookies with the Secure attribute...

CVSS 9.8 · AI score 5.8 · EPSS 0.00588
Exploits 0 · References 2

NVD
added 2023/08/15 7:15 p.m., 13 views

CVE-2023-4336

Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard cookies with the Secure attribute...

CVSS 9.8 · AI score 9.4 · EPSS 0.00588
Exploits 0 · References 2

Prion
added 2023/08/15 7:15 p.m., 13 views

Default configuration

Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard cookies with the Secure attribute...

CVSS 7.5 · AI score 9.3 · EPSS 0.00588
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/08/15 6:25 p.m., 10 views

CVE-2023-4336 Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard cookies with the Secure attribute

Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard cookies with the Secure attribute...

AI score 7.1 · EPSS 0.00588
Exploits 0 · References 1

Cvelist
added 2023/08/15 6:25 p.m., 17 views

CVE-2023-4336 Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard cookies with the Secure attribute

Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard cookies with the Secure attribute...

AI score 9.6 · EPSS 0.00588
Exploits 0 · References 1

CVE
added 2023/08/15 6:25 p.m., 50 views

CVE-2023-4336

CVE-2023-4336 affects the Broadcom RAID Controller web interface. Root cause: an insecure default HTTP configuration that fails to set the Secure attribute on cookies. Reported impact includes high confidentiality, integrity, and availability concerns (network exploitability with no user interaction; b...

CVSS 9.8 · AI score 9.5 · EPSS 0.00588
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2023/08/15 12:00 a.m., 2 views

Broadcom RAID Controller Security Vulnerability

The Broadcom RAID Controller is a series of RAID controllers from Broadcom Corporation (USA). A security vulnerability exists in the Broadcom RAID Controller that stems from an insecure HTTP configuration in the web interface that prevents the protection of cookies with the Secure attribute...

CVSS 9.8 · AI score 6.8 · EPSS 0.00588
Exploits 0 · References 2