Lucene search
K

497 matches found

Cvelist
Cvelist
added 2025/12/18 7:53 p.m.25 views

CVE-2024-58317 Kentico Xperience <= 13.0.164 Cookie Security Configuration

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...

6.9CVSS0.00162EPSS
Exploits0References2
CVE
CVE
added 2025/12/18 7:53 p.m.16 views

CVE-2024-58317

CVE-2024-58317 affects Kentico Xperience (

6.9CVSS6.7AI score0.00162EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/18 7:53 p.m.5 views

CVE-2024-58317 Kentico Xperience <= 13.0.164 Cookie Security Configuration

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...

6.9CVSS6.7AI score0.00162EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.3 views

EulerOS 2.0 SP13 : curl (EulerOS-SA-2025-2519)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname,...

7.5CVSS6.2AI score0.01301EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/10 8:36 a.m.4 views

CVE-2025-41746

An XSS vulnerability in pxcportSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-lev...

7.1CVSS6.3AI score0.08549EPSS
Exploits0References1
OSV
OSV
added 2025/12/09 4:17 p.m.5 views

CVE-2025-41745

An XSS vulnerability in pxcportCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-leve...

7.1CVSS5.8AI score0.00569EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.8 views

PT-2025-49823

An XSS vulnerability in pxc portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...

7.1CVSS6.3AI score0.08549EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-49819

An XSS vulnerability in pxc vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to...

7.1CVSS6.3AI score0.08549EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.11 views

PT-2025-49821

An XSS vulnerability in port util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...

7.1CVSS6.3AI score0.00569EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/26 10:11 p.m.5 views

EUVD-2025-199765

Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions...

6.5AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.3 views

EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-2320)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname,...

7.5CVSS6.4AI score0.01301EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2025/11/12 12:0 a.m.1 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-2320)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.01301EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/11/09 2:28 a.m.4 views

SUSE CVE-2016-11076

An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL...

5.3CVSS7AI score0.00872EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/01 2:20 p.m.4 views

CVE-2025-36249

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

5.3CVSS6.5AI score0.00143EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/31 1:5 p.m.6 views

CVE-2025-36249 IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

3.7CVSS6.1AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.4 views

PT-2025-44624

Name of the Vulnerable Software and Affected Versions IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.25 Description The software does not set the secure attribute on authorization tokens or session cookies. This could allow attackers to obtain cookie values by sending an insecure...

5.3CVSS6.2AI score0.00143EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/10/30 11:29 p.m.5 views

CVE-2025-48980

In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method...

6.5CVSS6.4AI score0.00298EPSS
Exploits0References1
OSV
OSV
added 2025/10/30 3:2 p.m.3 views

GO-2025-4054 Mattermost Server does not check if cookies are used over SSL in github.com/mattermost/mattermost-server

Mattermost Server does not check if cookies are used over SSL in github.com/mattermost/mattermost-server...

5.3CVSS7AI score0.00872EPSS
Exploits0References4
OSV
OSV
added 2025/10/29 5:54 p.m.6 views

CVE-2025-64100 CKAN Vulnerable to Session Cookie Fixation

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage CKAN uses cookie-based session storage by default. The attacker would need to...

6.1CVSS6.5AI score0.00269EPSS
Exploits0References4
CVE
CVE
added 2025/10/29 5:54 p.m.11 views

CVE-2025-64100

CKAN (open-source data management system) is vulnerable to session fixation prior to versions 2.10.9 and 2.11.4 when server-side session storage is configured (CKAN uses cookie-based storage by default). An attacker could fix a victim's session ID by setting a cookie or stealing a valid session. ...

6.1CVSS6.2AI score0.00269EPSS
Exploits0References2
Rows per page
Query Builder