
73 matches found

RedhatCVE
added 2025/06/30 1:34 a.m., 17 views

CVE-2025-36026

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

CVSS 4.3, AI score 6.7, EPSS 0.00138
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 6:58 a.m., 8 views

CVE-2024-37830

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie...

CVSS 6.1, AI score 6.7, EPSS 0.00313
Exploits: 1, References: 1
NVD
added 2024/12/30 5:15 p.m., 19 views

CVE-2024-56733

Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...

CVSS 5.7, EPSS 0.00209
Exploits: 0, References: 1
OSV
added 2024/07/09 8:15 p.m., 11 views

CVE-2024-37830

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie...

CVSS 6.1, AI score 6.7, EPSS 0.00313
Exploits: 1, References: 1
Cvelist
added 2024/07/09 12:0 a.m., 28 views

CVE-2024-37830

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie...

EPSS 0.00313
Exploits: 1, References: 1
CVE
added 2024/07/09 12:0 a.m., 57 views

CVE-2024-37830

Summary: CVE-2024-37830 affects Outline up to v0.76.1. An issue allows an attacker to redirect a victim to a malicious site by intercepting and modifying the app’s state cookie. The vulnerability is described across Red Hat, NVD, CVE listings and partner advisories, with the recommended fix being...

CVSS 6.1, AI score 6.4, EPSS 0.00313
Exploits: 1, References: 1, Affected Software: 1
Hacker One
added 2024/04/26 4:32 a.m., 45 views

HackerOne: 2FA Bypass via Leaked Cookies

Vulnerability description not provided...

AI score 7.1
Exploits: 0
OSV
added 2023/02/16 7:15 p.m., 2 views

CVE-2021-43074

An improper verification of cryptographic signature vulnerability CWE-347 in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and...

CVSS 4.3, AI score 5.8, EPSS 0.00287
Exploits: 0, References: 1
SUSE CVE
added 2023/02/15 5:35 a.m., 4 views

SUSE CVE-2013-4964

Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5, AI score 6.7, EPSS 0.01618
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 5:33 a.m., 3 views

SUSE CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 4.3, AI score 6.8, EPSS 0.02183
Exploits: 0, References: 4
SUSE CVE
added 2023/02/15 5:11 a.m., 3 views

SUSE CVE-2015-8470

The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

CVSS 6.5, AI score 6.9, EPSS 0.0162
Exploits: 0, References: 3
Prion
added 2022/06/02 2:15 p.m., 21 views

Information disclosure

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack...

CVSS 4.3, AI score 5.6, EPSS 0.00664
Exploits: 2, References: 2, Affected Software: 1
Redos
added 2022/05/18 12:0 a.m., 51 views

ROS-20220518-02

A vulnerability in the Mozilla Thunderbird email client is related to incorrect processing of user input when processing signed and encrypted attached messages. Exploitation of the vulnerability could allow a remote...

CVSS 9.8, AI score 8.4, EPSS 0.01005
Exploits: 3
OSV
added 2022/05/17 12:50 a.m., 3 views

GHSA-G7CF-WG27-QW87 Jenkins secure flag not set on session cookies

Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session...

CVSS 5.3, AI score 6, EPSS 0.0272
Exploits: 0, References: 8
BDU FSTEC
added 2021/06/25 12:0 a.m., 5 views

The vulnerability of the \hms\admin\appointment-history.php component, a web application for managing hospitals within the PHPGurukul Hospital Management System, allows an attacker to intercept cookie files.

The vulnerability of the \hms\admin\appointment-history.php web application, a hospital management system for PHPGurukul, is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker to intercept cookie files...

CVSS 5.5, AI score 5.9, EPSS 0.0052
Exploits: 1, References: 3, Affected Software: 1
CNVD
added 2021/05/21 12:0 a.m., 7 views

Unspecified Vulnerability in Emerson Rosemount X-STREAM Gas Analyzer

The Emerson Rosemount X-STREAM Gas Analyzer is an Emerson gas analyzer for industrial environments. The device supports up to five component gas analyzers and features NDIR/UV/VIS photometry, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors. A security vulnerability...

CVSS 5.3, AI score 6.7, EPSS 0.009
Exploits: 0, References: 1
CNNVD
added 2021/05/18 12:0 a.m., 8 views

Emerson Rosemount X-STREAM Gas Analyzer Security Vulnerability

The Emerson Rosemount X-STREAM Gas Analyzer is an Emerson gas analyzer for industrial environments. The device supports up to five component gas analyzers and features NDIR/UV/VIS photometry, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors. A security vulnerability...

CVSS 5.3, AI score 5.6, EPSS 0.009
Exploits: 0, References: 4
BDU FSTEC
added 2021/03/11 12:0 a.m., 7 views

The vulnerability of the Netlify domain controller, related to improperly configured DNS records, allows attackers to intercept cookie files, bypass Content Security Policy (CSP) security policies, Cross-Origin Resource Sharing (CORS) mechanisms, and gain unauthorized access to protected information.

The vulnerability of the Netlify domain controller implementation is related to improperly configured DNS records. Exploiting this vulnerability allows a malicious actor to intercept cookie files, bypass security mechanisms like CSP and Cross-Origin Resource Sharing (CORS), and gain unauthorized acces...

CVSS 10, AI score 5.5
Exploits: 0, References: 1
CNVD
added 2020/12/01 12:0 a.m., 6 views

HCL iNotes Sensitive Cookie Disclosure Vulnerability

HCL iNotes is a software from HCL India that allows management of IBM Domino mail, scheduling of errands, and other office activity management. HCL iNotes suffers from a sensitive cookie disclosure vulnerability. An attacker can exploit this vulnerability to capture cookies by intercepting the...

CVSS 5.9, AI score 6.3, EPSS 0.00666
Exploits: 0, References: 1
BDU FSTEC
added 2020/12/01 12:0 a.m., 4 views

The vulnerability of the Synology Router Manager operating system arises from the absence of a “secure” flag in session cookie files. This allows attackers to gain unauthorized access to the target device.

The vulnerability of the Synology Router Manager operating system is related to the absence of the “secure” flag in session cookie files. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to the target device by intercepting session cookie...

CVSS 8.1, AI score 7.7, EPSS 0.00762
Exploits: 1, References: 4, Affected Software: 1