Lucene search
12 matches found

CVE
added 2026/05/26 9:58 p.m., 11 views

CVE-2026-44985

The CVE-2026-44985 vulnerability affects Dozzle prior to version 10.5.2, where the WebSocket upgrader for /exec and /attach uses CheckOrigin: true, allowing cross-origin upgrade requests. When combined with a SameSite: Lax JWT cookie, this enables Cross-Site WebSocket Hijacking (CSWSH) from a same...

CVSS 9.6, AI score 5.8, EPSS 0.00007
Exploits: 1, References: 2, Affected software: 1
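The origin check that the CVE-2026-44985 entry says is absent (CheckOrigin: true accepts every Origin), as an added example in Python that is not Dozzle's own code: a standard-library model of the decision a WebSocket upgrader makes, comparing the Origin header with the origin the server is reached at. The hostnames, the cookie placeholder and the header dictionaries are constructed for illustration. The point it shows beyond the entry text is why a SameSite=Lax cookie does not close the hole: SameSite is site-scoped (eTLD+1), so a page on a sibling subdomain still gets the cookie attached, while an Origin check is origin-scoped and rejects that subdomain.

```python
# Added example (not Dozzle's code): Origin checking for a WebSocket upgrade,
# standard library only. Hostnames and headers below are constructed.
from urllib.parse import urlsplit


def accept_any_origin(headers: dict) -> bool:
    """The permissive behaviour (CheckOrigin: true): every Origin is accepted."""
    return True


def same_origin_only(headers: dict, server_scheme: str = "https") -> bool:
    """Accept the upgrade only when Origin equals scheme://Host of this server.

    - No Origin header: browsers always send Origin on a WebSocket handshake
      (RFC 6455), so a missing header means a non-browser client and there is
      nothing for a web page to hijack. Accept.
    - Origin present: scheme, host and explicit port must match the Host the
      server was reached at. A sibling subdomain is a different origin even
      though it is the same site, which is why SameSite=Lax alone is not enough.
    """
    origin = headers.get("Origin")
    if origin is None:
        return True
    host = headers.get("Host")
    if not host:
        return False
    parts = urlsplit(origin)
    if parts.scheme != server_scheme or not parts.netloc:
        return False
    # netloc keeps an explicit port, so "https://logs.example.com:8443" only
    # matches a Host header of "logs.example.com:8443".
    return parts.netloc.lower() == host.lower()


def upgrade_decision(headers: dict, check) -> str:
    """What the server would answer to this handshake under a given check."""
    if headers.get("Upgrade", "").lower() != "websocket":
        return "400 not a websocket handshake"
    return "101 switching protocols" if check(headers) else "403 forbidden origin"


# Constructed handshakes: one from the app's own page, one from a page on a
# sibling subdomain of the same site. Both carry the SameSite=Lax session
# cookie, because the browser sees both as same-site with logs.example.com.
LEGIT = {
    "Host": "logs.example.com",
    "Upgrade": "websocket",
    "Origin": "https://logs.example.com",
    "Cookie": "jwt=<token>",          # placeholder, not a real token
}
SIBLING = dict(LEGIT, Origin="https://attacker-pages.example.com")
NO_ORIGIN = {k: v for k, v in LEGIT.items() if k != "Origin"}   # e.g. a CLI client

if __name__ == "__main__":
    for name, h in [("legit", LEGIT), ("sibling", SIBLING), ("no-origin", NO_ORIGIN)]:
        print(f"{name:10s} permissive={upgrade_decision(h, accept_any_origin)!r:26s} "
              f"strict={upgrade_decision(h, same_origin_only)!r}")
```

The strict check accepts the handshake without an Origin header on purpose: that matches what non-browser clients send, and a browser cannot omit it. If the service is only ever used from browsers, returning False in that branch is the stricter choice.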
RedhatCVE
added 2026/03/26 3:16 p.m., 2 views

CVE-2026-28779

In Apache Airflow versions 3.1.0 through 3.1.7, the session token cookie is set with path=/ regardless of the configured webserver base_url or API base_url. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...

CVSS 7.5, AI score 5.7, EPSS 0.00031
Exploits: 0, References: 1
Vulnrichment
added 2026/03/17 10:15 a.m., 1 views

CVE-2026-28779 Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications

In Apache Airflow versions 3.1.0 through 3.1.7, the session token cookie is set with path=/ regardless of the configured webserver base_url or API base_url. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...

AI score 5.8, EPSS 0.00031
Exploits: 0, References: 2
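The Path scoping that both CVE-2026-28779 entries describe, as an added example that is not Airflow's code: it uses Python's http.cookiejar to replay the browser rule for which requests a cookie is attached to, so the co-hosted application either receives the session token or does not depending only on the cookie's Path. The hostname, the base_url value /airflow and the co-hosted /wiki path are constructed, and cookie_path_for is an assumed helper that derives the cookie Path from a base_url, not an Airflow function.

```python
# Added example (not Airflow's code): how the Path attribute scopes a session
# cookie when several applications share one host. http.cookiejar applies the
# same path-prefix rule a browser does. Hostnames and paths are constructed.
from email.message import Message
from http.cookiejar import CookieJar
from io import BytesIO
from urllib.parse import urlsplit
from urllib.request import Request
from urllib.response import addinfourl   # used only to build a fake response


def set_cookie(jar: CookieJar, url: str, header: str) -> None:
    """Feed one Set-Cookie header into the jar as if the server at url sent it."""
    msg = Message()
    msg["Set-Cookie"] = header
    resp = addinfourl(BytesIO(b""), msg, url)
    jar.extract_cookies(resp, Request(url))


def cookies_sent_to(jar: CookieJar, url: str) -> dict:
    """Return {name: value} of the cookies the jar attaches to a request for url."""
    req = Request(url)
    jar.add_cookie_header(req)
    header = req.get_header("Cookie", "")
    return dict(p.split("=", 1) for p in header.split("; ") if p)


def cookie_path_for(base_url: str) -> str:
    """Assumed helper (not Airflow's): the cookie Path is the path component of
    base_url; an app mounted at the root legitimately uses Path=/."""
    path = urlsplit(base_url).path.rstrip("/")
    return path or "/"


BASE_URL = "https://intranet.example.com/airflow"       # constructed base_url
LOGIN_URL = BASE_URL + "/login"
OTHER_APP = "https://intranet.example.com/wiki/page"    # constructed co-hosted app


def demo(path: str) -> dict:
    """Log in once with a session cookie carrying the given Path, then see
    which of two requests on the same host the cookie travels with."""
    jar = CookieJar()
    set_cookie(jar, LOGIN_URL, f"session=tok123; Path={path}; Secure; HttpOnly")
    return {
        "airflow": cookies_sent_to(jar, BASE_URL + "/dags"),
        "wiki": cookies_sent_to(jar, OTHER_APP),
    }


if __name__ == "__main__":
    print("Path=/        ->", demo("/"))                         # wiki receives the token
    print("Path=/airflow ->", demo(cookie_path_for(BASE_URL)))  # wiki does not
```

Path is an isolation boundary only against a well-behaved peer application: it does not stop script on the same origin from reading the cookie via document.cookie or an XHR to the scoped path, so the fix limits accidental capture from request headers, which is the exposure the entries describe, not an origin-level compromise.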
ATTACKERKB
added 2026/03/04 9:24 a.m., 1 views

CVE-2023-7337

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839, where a second sink was left with insufficient escaping on the user-supplied...

CVSS 9.8, AI score 7.2, EPSS 0.26435
Exploits: 0, References: 3
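The "second sink" situation in the CVE-2023-7337 entry, as an added example that is not the plugin's PHP code: a Python/sqlite3 model of two query sites that read the same cookie, one escaped by the first fix and one missed, next to a bound-parameter version where there is no per-sink escaping to forget. Only the cookie name comes from the advisory; the table, rows, owner names and the URL-decoding in parse_cookie_header (mimicking what PHP's $_COOKIE does to values) are constructed assumptions.

```python
# Added example (not the plugin's code): the same cookie value reaching two
# SQL sinks, one escaped and one not, beside a parametrised query.
import sqlite3
from urllib.parse import unquote

COOKIE_NAME = "js-support-ticket-token-tkstatus"   # cookie named in the advisory


def parse_cookie_header(header: str) -> dict:
    """Split a Cookie request header into {name: value}, URL-decoding values
    (assumption: the consumer behaves like PHP's $_COOKIE, which decodes)."""
    out = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            out[name] = unquote(value)
    return out


def make_db() -> sqlite3.Connection:
    """Constructed ticket table: two owners, two statuses."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE tickets(id INTEGER, owner TEXT, status TEXT)")
    con.executemany("INSERT INTO tickets VALUES (?, ?, ?)", [
        (1, "alice", "open"), (2, "alice", "closed"),
        (3, "bob", "open"), (4, "bob", "closed"),
    ])
    return con


def escape(value: str) -> str:
    """Quote doubling: the per-sink escaping a partial fix applies."""
    return value.replace("'", "''")


def count_tickets_escaped_sink(con, owner: str, cookies: dict) -> int:
    """Sink 1, patched: the cookie value is escaped before interpolation."""
    status = escape(cookies.get(COOKIE_NAME, "open"))
    q = f"SELECT COUNT(*) FROM tickets WHERE owner='{owner}' AND status='{status}'"
    return con.execute(q).fetchone()[0]


def list_tickets_raw_sink(con, owner: str, cookies: dict) -> list:
    """Sink 2, missed by the fix: same cookie, interpolated unescaped."""
    status = cookies.get(COOKIE_NAME, "open")
    q = f"SELECT id FROM tickets WHERE owner='{owner}' AND status='{status}' ORDER BY id"
    return [r[0] for r in con.execute(q)]


def list_tickets_bound(con, owner: str, cookies: dict) -> list:
    """Hardened form: bind the value; every sink is safe by construction."""
    status = cookies.get(COOKIE_NAME, "open")
    rows = con.execute("SELECT id FROM tickets WHERE owner=? AND status=? ORDER BY id",
                       (owner, status))
    return [r[0] for r in rows]


# Constructed requests: alice's session, once with a normal status cookie and
# once with the cookie set to the URL-encoded payload  ' OR '1'='1
BENIGN_COOKIE = f"{COOKIE_NAME}=open"
EVIL_COOKIE = f"{COOKIE_NAME}=%27%20OR%20%271%27%3D%271"

if __name__ == "__main__":
    con = make_db()
    evil = parse_cookie_header(EVIL_COOKIE)
    print("escaped sink:", count_tickets_escaped_sink(con, "alice", evil))  # literal, no match
    print("raw sink    :", list_tickets_raw_sink(con, "alice", evil))       # every owner's tickets
    print("bound       :", list_tickets_bound(con, "alice", evil))          # no match
```

In the raw sink the WHERE clause becomes owner='alice' AND status='' OR '1'='1', and because AND binds tighter than OR the second disjunct is true for every row, so the query returns tickets of other owners. Escaping closes that one sink, but the class of bug the entry describes (a sink the fix did not visit) only goes away when the value is bound rather than spliced into SQL text.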
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2010-4534

Malware in sbrugna...

CVSS 7.5, AI score 6.1, EPSS 0.02239
Exploits: 0, References: 18
OSV
added 2022/02/09 11:06 p.m., 0 views

GHSA-Q42Q-523G-3FWV Cross-Site Request Forgery

This affects the package com.softwaremill.akka-http-session:core2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...

CVSS 8.8, AI score 7.2, EPSS 0.00365
Exploits: 0, References: 7
CNNVD
added 2021/01/20 12:00 a.m., 1 views

Softwaremill Akka-http-session Cross-Site Request Forgery Vulnerability

Softwaremill Akka-http-session is a library from SoftwareMill (Poland) that provides client-side session management, with JWT support, for single-page and mobile applications. A cross-site request forgery vulnerability exists in Softwaremill Akka-http-session core2.12 from 0 and befo...

CVSS 8.8, AI score 7.2, EPSS 0.00217
Exploits: 0, References: 5
OSV
added 2020/09/18 2:15 p.m., 1 views

CVE-2020-15776

An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbitrary value for this token, allowing them to...

CVSS 8.8, AI score 6, EPSS 0.00601
Exploits: 0, References: 3
CNVD
added 2015/05/19 12:00 a.m., 3 views

Red Hat PCS Backend Program Sensitive Cookie Information Disclosure Vulnerability

Red Hat Enterprise Linux is an operating system based on the Linux kernel. The pcsd backend program in Red Hat PCS fails to set the Secure flag on its cookies in HTTPS sessions, allowing remote attackers to obtain sensitive information via intercepted communications...

CVSS 6.8, AI score 6.7, EPSS 0.0121
Exploits: 1, References: 1
Hacker One
added 2015/02/05 2:57 p.m., 18 views

Slack: Team admin can change unauthorized team setting (allow_message_deletion)

Team admin can escalate his privileges and change 'allow_message_deletion' team setting, which can be changed only by a team owner. Steps to reproduce: 1. Log in as team admin. 2. Send the below request using his cookie & token and notice that it changes 'allow_message_deletion' team setting to true...

AI score 0.3
Exploits: 0
Atlassian
added 2013/10/21 3:42 a.m., 11 views

The xsrf cookie token is not a 'secure' cookie for secure ('https') requests

To protect against man-in-the-middle attacks, the xsrf cookie token should have the 'secure' attribute set...

AI score 2.1
Exploits: 0
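A Set-Cookie attribute check covering the three cookie-flag entries above (the Gradle Enterprise CSRF cookie without HttpOnly, the pcsd cookie without the Secure flag, and the Atlassian xsrf cookie without 'secure'), as an added example that is none of those projects' code. It parses one Set-Cookie header with Python's http.cookies and reports the missing attributes; the cookie names and values in WEAK_XSRF, WEAK_SESSION and FIXED_SESSION are constructed, and the script_needs_value switch is an assumption about how the token is consumed, not something any of the entries states.

```python
# Added example (not Gradle Enterprise, pcs or Atlassian code): audit the
# attributes of a Set-Cookie header. Headers below are constructed.
from http.cookies import SimpleCookie


def audit_set_cookie(header: str, https: bool = True,
                     script_needs_value: bool = False) -> dict:
    """Return {cookie_name: [findings]} for one Set-Cookie header.

    script_needs_value=True is for double-submit CSRF tokens that page script
    must copy into a request header; those cannot be HttpOnly, so that finding
    is suppressed and the token's unpredictability carries the protection
    (not checked here).
    """
    jar = SimpleCookie()
    jar.load(header)
    report = {}
    for name, m in jar.items():
        findings = []
        if https and not m["secure"]:
            findings.append("no Secure: also sent over plaintext http")
        if not m["httponly"] and not script_needs_value:
            findings.append("no HttpOnly: readable and settable from page script")
        if not m["samesite"]:
            findings.append("no SameSite: browser default decides cross-site sending")
        if m["path"] in ("", "/"):
            findings.append("Path=/ (or unset): shared with every app on the host")
        report[name] = findings
    return report


def is_clean(header: str, **kw) -> bool:
    """True when no cookie in the header produced a finding."""
    return all(not f for f in audit_set_cookie(header, **kw).values())


# Constructed headers in the shape the entries describe, then a corrected one.
WEAK_XSRF = "XSRF-TOKEN=8f3a9c; Path=/"                       # no Secure, no HttpOnly
WEAK_SESSION = "pcsd.sid=1d2e3f; Path=/; HttpOnly"             # no Secure
FIXED_SESSION = "pcsd.sid=1d2e3f; Path=/pcsd; Secure; HttpOnly; SameSite=Strict"

if __name__ == "__main__":
    for h in (WEAK_XSRF, WEAK_SESSION, FIXED_SESSION):
        for name, findings in audit_set_cookie(h).items():
            print(f"{name}: {findings or 'ok'}")
```

Read the HttpOnly finding with the cookie's role in mind: for a session cookie it is a real gap, but a double-submit CSRF token that page script copies into a header has to stay readable, and in that design an attacker who can already run script in the page (the precondition the Gradle entry names) has more direct options than forging a CSRF token. The Secure finding has no such exception: a cookie without it is sent over plain http as well, which is what the pcsd and Atlassian entries are about.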
FreeBSD
added 2013/04/18 12:00 a.m., 34 views

phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page

The phpMyAdmin development team reports: When modifying a URL parameter with a crafted value it is possible to trigger an XSS. These XSS can only be triggered when a valid database is known and when a valid cookie token is used...

CVSS 6.1, AI score 5.9, EPSS 0.08766
Exploits: 1, References: 1