Lucene search
K

498 matches found

EUVD
EUVD
added 2026/03/13 9:31 p.m.4 views

EUVD-2026-12045

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...

6.3CVSS5.8AI score0.00102EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:55 p.m.5 views

CVE-2026-32745

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...

6.3CVSS0.00102EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 3:50 p.m.28 views

CVE-2026-32745

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...

6.3CVSS0.00102EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 3:50 p.m.2 views

CVE-2026-32745

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...

6.3CVSS5.8AI score0.00102EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/13 3:50 p.m.3 views

CVE-2026-32745

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...

6.3CVSS5.8AI score0.00102EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.7 views

PT-2026-25323

CVE-2026-32745 In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings https://t.co/5G9cZc08Tr...

6.3CVSS5.8AI score0.00102EPSS
Exploits0References4
Amazon
Amazon
added 2026/02/18 12:0 a.m.11 views

Medium: python3.12

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

6CVSS5.6AI score0.0056EPSS
Exploits0
EUVD
EUVD
added 2026/02/04 8:45 p.m.5 views

EUVD-2023-42101

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

5.3CVSS5.4AI score0.00285EPSS
Exploits0References2
CVE
CVE
added 2026/02/04 8:45 p.m.15 views

CVE-2023-38281

CVE-2023-38281 affects IBM Cloud Pak System. The issue is that authorization tokens and session cookies are not marked with the Secure attribute, allowing cookies to be exposed if a user visits an http link or if a link is planted on a site, enabling traffic snooping. Affected products/versions i...

5.3CVSS5.4AI score0.00285EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/01/27 8:53 a.m.4 views

CVE-2026-24816 Cookie Security Vulnerabilities in datavane/tis

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in datavane tis tis-console/src/main/java/com/qlangtech/tis/runtime/module/action modules. This vulnerability is associated with program files ChangeDomainAction.Java. This issue affects tis: before v4.3.0...

10CVSS5.9AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/21 12:31 a.m.6 views

EUVD-2026-3521

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS5.4AI score0.00401EPSS
Exploits0References5
OSV
OSV
added 2026/01/20 9:52 p.m.6 views

PSF-2026-5

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS5.4AI score0.00401EPSS
Exploits0References9
CVE
CVE
added 2026/01/20 9:52 p.m.40 views

CVE-2026-0672

CVE-2026-0672 concerns Python’s handling of cookie/header parsing (notably http.cookies.Morsel) where user-controlled cookie values and parameters could inject HTTP headers. Connected advisories confirm related fixes across Python builds and distributions (Ubuntu USN-8018-1; Debian DLA-4455; Chai...

6CVSS5.4AI score0.00401EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/01/20 9:52 p.m.22 views

CVE-2026-0672 Header injection in http.cookies.Morsel

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS0.00401EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : php-8.0.27-1.el9 (AXSA:2023-5186:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5186:02 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a Host- or Secure- cook...

9.8CVSS7.8AI score0.49336EPSS
Exploits6References6
RedhatCVE
RedhatCVE
added 2026/01/09 12:38 p.m.4 views

CVE-2023-29259

IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055...

5.3CVSS6.5AI score0.00475EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:3 a.m.9 views

CVE-2024-39734

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent...

4.3CVSS6AI score0.00233EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.6 views

EulerOS Virtualization 2.13.1 : curl (EulerOS-SA-2025-2621)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target...

7.5CVSS6.3AI score0.01301EPSS
Exploits1References2
OSV
OSV
added 2025/12/18 8:15 p.m.5 views

CVE-2024-58317

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...

6.9CVSS5.8AI score0.00162EPSS
Exploits0References2
NVD
NVD
added 2025/12/18 8:15 p.m.30 views

CVE-2024-58317

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...

6.9CVSS0.00162EPSS
Exploits0References2
Rows per page
Query Builder