
14 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in Tomcat9

When using RemoteIpFilter with requests received from a reverse proxy via HTTP that includes the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71, and 8.5.0 to 8.5.85 did not include the secure...

4.3 CVSS | 6.8 AI score | 0.01831 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-11954

Malware in sbrugna...

7.5 CVSS | 6.7 AI score | 0.02032 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-13937

Malware in sbrugna...

4.3 CVSS | 4.2 AI score | 0.01116 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-20113

Malware in sbrugna...

5.3 CVSS | 5.6 AI score | 0.01128 EPSS
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2009-5008

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.01064 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-1114

Malware in sbrugna...

8.8 CVSS | 8.8 AI score | 0.0106 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2004-0870

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.02731 EPSS
Exploits 0 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-27933

Malicious code in bioql PyPI...

8.1 CVSS | 6.4 AI score | 0.01298 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-27824

Malicious code in bioql PyPI...

6.5 CVSS | 6.7 AI score | 0.00748 EPSS
Exploits 1 | References 2
RedhatCVE
added 2025/05/22 6:41 p.m. | 5 views

CVE-2021-40650

In Connx Version 6.2.0.1269 20210623, a cookie can be issued by the application and not have the secure flag set...

6.5 CVSS | 7 AI score | 0.00748 EPSS
Exploits 1
CVE
added 2025/05/08 12:0 a.m. | 56 views

CVE-2025-26844

The CVE-2025-26844 vulnerability affects Znuny up to version 7.1.3 where a cookie is set without the HttpOnly flag. The underlying issue is improper cookie configuration, enabling cookies to be accessible to client-side scripts. This could, per the available references, contribute to session-rela...

9.8 CVSS | 6.5 AI score | 0.00363 EPSS
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2021/12/10 12:0 a.m. | 3 views

Digi TransPort Security Vulnerability

The Digi International Digi TransPort is a full-featured cellular router from Digi International USA. A security vulnerability exists in the Digi TransPort Gateway that stems from them not setting the Secure attribute for sensitive cookies in HTTPS sessions, which could result in a user agent...

7.5 CVSS | 7.3 AI score | 0.00588 EPSS
Exploits 0 | References 3
Huntr
added 2021/08/21 10:39 a.m. | 10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in slackero/phpwcms

✍️ Description The secure flag is not set for PHPSESSID session cookie in the application. 🕵️‍♂️ Proof of Concept 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from...

0.3 AI score
Exploits 0 | References 1
RedHat Linux
added 2014/07/09 8:49 a.m. | 4 views

cumin: session cookies lack httponly setting

It was found that Cumin did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie...

4.3 CVSS | 5.7 AI score | 0.01585 EPSS
Exploits 0 | References 4