
11 matches found

CVE
added 5 days ago, 13 views

CVE-2026-41017

CVE-2026-41017 affects Apache Airflow where JWTRefreshMiddleware sets the JWT cookie without the Secure flag. This impacts deployments exposing the Airflow API server behind TLS-terminating proxies (e.g., nginx, Envoy, or managed load balancers) and may allow a network-positioned attacker to capt...

CVSS: 5.9, AI score: 5.9, EPSS: 0.00016
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2026/04/01 8:54 p.m., 5 views

CVE-2026-4820

IBM Maximo Application Suite is affected by CVE-2026-4820 due to the session cookie ltpatoken2_ not being marked Secure, enabling potential cookie theft over insecure links. Affected versions: 8.10, 8.11, 9.0, 9.1. Remediations: 8.10.33, 8.11.30, 9.0.19, 9.1.8. CVSS Base score: 4.3 (CWE-614: Sens...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00013
Exploits: 0, References: 1, Affected Software: 1
IBM Security Bulletins
added 2026/04/01 7:9 p.m., 5 views

Security Bulletin: IBM Maximo Application Suite was vulnerable to CVE-2026-4820 because Cookie ltpatoken2_<workspace_name> was not set with secure flag

Summary: IBM Maximo Application Suite was vulnerable to CVE-2026-4820 because Cookie ltpatoken2 was not set with secure flag. Vulnerability Details: CVEID: CVE-2026-4820. DESCRIPTION: IBM Maximo Application Suite does not set the secure attribute on authorization tokens or session cookies. Attackers m...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00013
Exploits: 0, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-1959

Malware in sbrugna...

CVSS: 6.8, AI score: 6, EPSS: 0.0121
Exploits: 1, References: 11
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-6268

Malware in sbrugna...

CVSS: 5, AI score: 6.4, EPSS: 0.0044
Exploits: 0, References: 8
RedhatCVE
added 2025/05/22 6:35 p.m., 7 views

CVE-2021-29248

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie...

CVSS: 5.3, AI score: 6.7, EPSS: 0.01079
Exploits: 0, References: 1
OSV
added 2024/11/07 9:15 a.m., 0 views

CVE-2024-30142

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel...

CVSS: 3.8, AI score: 5.7, EPSS: 0.00032
Exploits: 0, References: 1
Cvelist
added 2011/12/16 11:0 a.m., 15 views

CVE-2011-4849

The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by help.php a...

AI score: 6.5, EPSS: 0.0025
Exploits: 0, References: 2
Prion
added 2009/02/26 4:17 p.m., 8 views

Heap overflow

Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function."...

CVSS: 5, AI score: 7.2, EPSS: 0.0044
Exploits: 0, References: 7, Affected Software: 1
Cvelist
added 2009/02/26 4:0 p.m., 16 views

CVE-2008-6298

Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function."...

AI score: 6.7, EPSS: 0.0044
Exploits: 0, References: 7
Japan Vulnerability Notes
added 2008/11/10 4:29 a.m., 2 views

sISAPILocation vulnerability bypasses HTTP header rewrite function

Overview: sISAPILocation, an ISAPI (Internet Server Application Program Interface) filter, contains a vulnerability that allows the HTTP header rewrite function to be bypassed. sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS (Internet Information Services)...

CVSS: 5, AI score: 6.6, EPSS: 0.0044
Exploits: 0, References: 9