498 matches found
EUVD-2026-12045
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...
CVE-2026-32745
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...
CVE-2026-32745
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...
CVE-2026-32745
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...
CVE-2026-32745
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...
PT-2026-25323
CVE-2026-32745 In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings https://t.co/5G9cZc08Tr...
Medium: python3.12
Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...
EUVD-2023-42101
IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...
CVE-2023-38281
CVE-2023-38281 affects IBM Cloud Pak System. The issue is that authorization tokens and session cookies are not marked with the Secure attribute, allowing cookies to be exposed if a user visits an http link or if a link is planted on a site, enabling traffic snooping. Affected products/versions i...
CVE-2026-24816 Cookie Security Vulnerabilities in datavane/tis
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in datavane tis tis-console/src/main/java/com/qlangtech/tis/runtime/module/action modules. This vulnerability is associated with program files ChangeDomainAction.Java. This issue affects tis: before v4.3.0...
EUVD-2026-3521
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
PSF-2026-5
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
CVE-2026-0672
CVE-2026-0672 concerns Python’s handling of cookie/header parsing (notably http.cookies.Morsel) where user-controlled cookie values and parameters could inject HTTP headers. Connected advisories confirm related fixes across Python builds and distributions (Ubuntu USN-8018-1; Debian DLA-4455; Chai...
CVE-2026-0672 Header injection in http.cookies.Morsel
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
MiracleLinux 9 : php-8.0.27-1.el9 (AXSA:2023-5186:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5186:02 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a Host- or Secure- cook...
CVE-2023-29259
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055...
CVE-2024-39734
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent...
EulerOS Virtualization 2.13.1 : curl (EulerOS-SA-2025-2621)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target...
CVE-2024-58317
A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...
CVE-2024-58317
A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...