15 matches found
CVE-2025-52608 HCL iControl was affected by Missing Cookie Attributes vulnerability.
HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root...
CVE-2025-52608 HCL iControl was affected by Missing Cookie Attributes vulnerability.
HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root...
CVE-2025-52608
HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006936)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006936 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential struct net leak in inet6rtmgetaddr It seems that if userspace provides a...
GHSA-QF73-2HRX-XPRP PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)
Summary executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 of pythontools.py...
EUVD-2025-35196
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-24387
A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. This issue...
kernel: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
A flaw was discovered in the Linux kernel's IPv6 implementation, specifically within the inet6rtmgetaddr function. The issue arises when user space provides a valid IFATARGETNETNSID value but omits the IFAADDRESS and IFALOCAL attributes. In such cases, the function returns an -EINVAL error while...
IBM Security QRadar Security Vulnerabilities
IBM Security QRadar is a modernized threat detection and response solution from International Business Machines IBM, Inc. designed to unify and integrate the security analyst experience and improve their response speed throughout the incident lifecycle. A security vulnerability exists in IBM...
DEBIAN-CVE-2024-27417
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6rtmgetaddr It seems that if userspace provides a correct IFATARGETNETNSID value but no IFAADDRESS and IFALOCAL attributes, inet6rtmgetaddr returns -EINVAL with an elevated "struct net...
frr: crafted BGP UPDATE message leading to a crash
A flaw was found in FRRouting. A crash can occur for a crafted BGP UPDATE message without mandatory attributes for example, one with only an unknown transit attribute...
frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message
A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes...
frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message
A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes...
Cross-site Scripting (XSS)
Overview github.com/mattermost/mattermost-server is an open source Slack-alternative in Golang and React. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the lack of noreferrer and noopener link relationship attributes. An attacker can execute arbitrary scripts in...
PT-2019-16947 · Ibm · Ibm Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.3.0 through 10.4.1 Description: The issue allows an attacker to obtain sensitive information using man-in-the-middle techniques because it does not set the secure attribute on authorization tokens or session...