497 matches found
CVE-2024-58317 Kentico Xperience <= 13.0.164 Cookie Security Configuration
A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...
CVE-2024-58317
CVE-2024-58317 affects Kentico Xperience (
CVE-2024-58317 Kentico Xperience <= 13.0.164 Cookie Security Configuration
A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...
EulerOS 2.0 SP13 : curl (EulerOS-SA-2025-2519)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname,...
CVE-2025-41746
An XSS vulnerability in pxcportSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-lev...
CVE-2025-41745
An XSS vulnerability in pxcportCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-leve...
PT-2025-49823
An XSS vulnerability in pxc portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
PT-2025-49819
An XSS vulnerability in pxc vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to...
PT-2025-49821
An XSS vulnerability in port util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
EUVD-2025-199765
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-2320)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname,...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-2320)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2016-11076
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL...
CVE-2025-36249
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
CVE-2025-36249 IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
PT-2025-44624
Name of the Vulnerable Software and Affected Versions IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.25 Description The software does not set the secure attribute on authorization tokens or session cookies. This could allow attackers to obtain cookie values by sending an insecure...
CVE-2025-48980
In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method...
GO-2025-4054 Mattermost Server does not check if cookies are used over SSL in github.com/mattermost/mattermost-server
Mattermost Server does not check if cookies are used over SSL in github.com/mattermost/mattermost-server...
CVE-2025-64100 CKAN Vulnerable to Session Cookie Fixation
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage CKAN uses cookie-based session storage by default. The attacker would need to...
CVE-2025-64100
CKAN (open-source data management system) is vulnerable to session fixation prior to versions 2.10.9 and 2.11.4 when server-side session storage is configured (CKAN uses cookie-based storage by default). An attacker could fix a victim's session ID by setting a cookie or stealing a valid session. ...