Lucene search
K

15 matches found

Vulnrichment
Vulnrichment
added 2026/06/04 11:49 a.m.8 views

CVE-2025-52608 HCL iControl was affected by Missing Cookie Attributes vulnerability.

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root...

3.1CVSS5.8AI score0.00098EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 11:49 a.m.43 views

CVE-2025-52608 HCL iControl was affected by Missing Cookie Attributes vulnerability.

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root...

3.1CVSS0.00098EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:49 a.m.8 views

CVE-2025-52608

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root...

3.1CVSS5.8AI score0.00098EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.8 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006936)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006936 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential struct net leak in inet6rtmgetaddr It seems that if userspace provides a...

5.5CVSS6.8AI score0.00238EPSS
Exploits0References4
OSV
OSV
added 2026/04/08 7:17 p.m.7 views

GHSA-QF73-2HRX-XPRP PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 of pythontools.py...

9.9CVSS6.4AI score0.00541EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/21 5:22 p.m.8 views

EUVD-2025-35196

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

5.3CVSS6.4AI score0.0019EPSS
Exploits0References2
OSV
OSV
added 2025/03/10 10:15 a.m.3 views

CVE-2025-24387

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. This issue...

6.5CVSS5.8AI score0.0014EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/08/15 5:34 a.m.12 views

kernel: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

A flaw was discovered in the Linux kernel's IPv6 implementation, specifically within the inet6rtmgetaddr function. The issue arises when user space provides a valid IFATARGETNETNSID value but omits the IFAADDRESS and IFALOCAL attributes. In such cases, the function returns an -EINVAL error while...

5.5CVSS7.2AI score0.00238EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.6 views

IBM Security QRadar Security Vulnerabilities

IBM Security QRadar is a modernized threat detection and response solution from International Business Machines IBM, Inc. designed to unify and integrate the security analyst experience and improve their response speed throughout the incident lifecycle. A security vulnerability exists in IBM...

5.3CVSS6.6AI score0.0024EPSS
Exploits0References4
OSV
OSV
added 2024/05/17 12:15 p.m.1 views

DEBIAN-CVE-2024-27417

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6rtmgetaddr It seems that if userspace provides a correct IFATARGETNETNSID value but no IFAADDRESS and IFALOCAL attributes, inet6rtmgetaddr returns -EINVAL with an elevated "struct net...

5.5CVSS5.4AI score0.00238EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/04/30 10:28 a.m.9 views

frr: crafted BGP UPDATE message leading to a crash

A flaw was found in FRRouting. A crash can occur for a crafted BGP UPDATE message without mandatory attributes for example, one with only an unknown transit attribute...

5.9CVSS5.7AI score0.00785EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/30 1:24 p.m.4 views

frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message

A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes...

7.5CVSS5.7AI score0.00911EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/01/25 10:51 a.m.1 views

frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message

A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes...

7.5CVSS5.7AI score0.00911EPSS
Exploits0References4
Snyk
Snyk
added 2022/05/24 5:21 p.m.3 views

Cross-site Scripting (XSS)

Overview github.com/mattermost/mattermost-server is an open source Slack-alternative in Golang and React. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the lack of noreferrer and noopener link relationship attributes. An attacker can execute arbitrary scripts in...

6.1CVSS5.5AI score0.00685EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/09/17 12:0 a.m.3 views

PT-2019-16947 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.3.0 through 10.4.1 Description: The issue allows an attacker to obtain sensitive information using man-in-the-middle techniques because it does not set the secure attribute on authorization tokens or session...

4.3CVSS4AI score0.00642EPSS
Exploits0References3
Rows per page
Query Builder