32 matches found
Exploit for Reliance on Cookies without Validation and Integrity Checking in Paloaltonetworks Pan-Os
🚨 CVE-2026-0257 – PAN-OS GlobalProtect Authentication Bypass...
EUVD-2020-29301
Malware in sbrugna...
EUVD-2012-0750
Malware in sbrugna...
EUVD-2006-4072
Malware in sbrugna...
EUVD-2010-1273
Malware in sbrugna...
EUVD-2013-5871
Malware in sbrugna...
EUVD-2004-0461
Malware in sbrugna...
EUVD-2011-3841
Malware in sbrugna...
EUVD-2015-5184
Malware in sbrugna...
EUVD-2004-0864
Malware in sbrugna...
EUVD-2013-3570
Malware in sbrugna...
EUVD-2022-5029
Malicious code in bioql PyPI...
EUVD-2024-37882
Malicious code in bioql PyPI...
EUVD-2022-35844
Malicious code in bioql PyPI...
CVE-2025-8037
CVE-2025-8037 affects Mozilla Firefox (and Thunderbird) browsers when a nameless cookie value contains an equals sign, shadowing other cookies. Affected: Firefox <141, Firefox ESR <140.1, Thunderbird <141, Thunderbird
CVE-2022-24045
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The application, after a successful login, sets the session cookie on the browser...
CVE-2024-5962
A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leadi...
CVE-2020-11729
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, used to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...
CVE-2024-10718
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0...
Linux Distros Unpatched Vulnerability : CVE-2022-24737
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the...