14 matches found
Astra Linux - vulnerability in tomcat9
When using RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71, and 8.5.0 to 8.5.85 did not include the secure attribut...
EUVD-2009-5008
Malware in sbrugna...
EUVD-2018-11954
Malware in sbrugna...
EUVD-2019-1114
Malware in sbrugna...
EUVD-2019-13937
Malware in sbrugna...
EUVD-2020-20113
Malware in sbrugna...
EUVD-2004-0870
Malware in sbrugna...
EUVD-2021-27824
Malicious code in bioql PyPI...
EUVD-2023-27933
Malicious code in bioql PyPI...
CVE-2021-40650
In Connx Version 6.2.0.1269 20210623, a cookie can be issued by the application and not have the secure flag set...
CVE-2025-26844
The CVE-2025-26844 vulnerability affects Znuny up to version 7.1.3 where a cookie is set without the HttpOnly flag. The underlying issue is improper cookie configuration, enabling cookies to be accessible to client-side scripts. This could, per the available references, contribute to session-rela...
Digi TransPort security vulnerability
The Digi International Digi TransPort is a full-featured cellular router from Digi International USA. A security vulnerability exists in the Digi TransPort Gateway because it does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could result in a user agent...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in slackero/phpwcms
✍️ Description: The secure flag is not set for the PHPSESSID session cookie in the application. 🕵️ Proof of Concept 💥 Impact: If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from...
cumin: session cookies lack httponly setting
It was found that Cumin did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie...