Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11 matches found

PyPA
PyPAadded 3 days ago5 views

PYSEC-0000-CVE-2026-41017

Apache Airflow's JWTRefreshMiddleware set the JWT auth cookie without the Secure flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default...

5.9CVSS5.9AI score0.00016EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2025/12/09 4:17 p.m.0 views

CVE-2025-41748

An XSS vulnerability in pxcDot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...

7.1CVSS5.8AI score
Exploits0References1
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2015-7351

Malware in sbrugna...

5CVSS6.4AI score0.00225EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2018-17251

Malware in sbrugna...

5.3CVSS5.5AI score0.00142EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2024-28078

Malicious code in bioql PyPI...

3.8CVSS6.6AI score0.00032EPSS
Exploits0References1
OSV
OSVadded 2023/03/22 11:15 a.m.0 views

UBUNTU-CVE-2023-28708

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

4.3CVSS6.7AI score0.0011EPSS
Exploits0References5
OSV
OSVadded 2020/10/29 9:15 a.m.0 views

CVE-2020-27650

Synology DiskStation Manager DSM before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

3.7CVSS6.6AI score0.00168EPSS
Exploits0References1
OSV
OSVadded 2016/09/29 10:59 a.m.1 views

CVE-2016-7090

The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4CVSS5.8AI score0.00287EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2015/05/12 12:0 a.m.2 views

PT-2015-5470 · Pcs +2 · Pcs +2

Name of the Vulnerable Software and Affected Versions: PCS versions 0.9.137 and earlier Description: The issue concerns the pcs daemon pcsd in PCS, where it fails to set the secure flag for a cookie in an https session. This oversight makes it easier for remote attackers to capture the cookie by...

6.8CVSS6AI score0.0121EPSS
Exploits1References24
OSV
OSVadded 2015/04/10 2:59 p.m.3 views

DEBIAN-CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4.3CVSS6.4AI score0.00614EPSS
Exploits0References1
OSV
OSVadded 2015/04/10 2:59 p.m.0 views

UBUNTU-CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4.3CVSS5.8AI score0.00614EPSS
Exploits0References3
Rows per page
Query Builder