81 matches found
CVE-2026-4820 IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...
CVE-2026-33400
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint allows any authenticated user to inject arbitrary JavaScript that executes when any user visits the Settings,...
PT-2026-20513
Name of the Vulnerable Software and Affected Versions: MajorDoMo (affected versions not specified). Description: MajorDoMo contains a stored cross-site scripting (XSS) issue through the /objects/?op=set API endpoint. This endpoint is intentionally unauthenticated for integration with IoT device...
EUVD-2023-42101
IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...
CVE-2026-22081 Cookie without HTTPOnly Flag Vulnerability in Tenda Wireless Routers
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote attacker could exploit this vulnerability by capturing session cookies...
PT-2026-2149
Name of the Vulnerable Software and Affected Versions: Tenda 300Mbps Wireless Router F3; Tenda N300 Easy Setup Router. Description: The routers are susceptible to a security issue stemming from the absence of the HTTPOnly flag on session cookies used with the web-based administrative interface. An...
PT-2025-53743
Name of the Vulnerable Software and Affected Versions: Meshtastic versions 2.5 through 2.7.14. Description: Meshtastic firmware, starting with version 2.5, implemented asymmetric encryption (PKI) for direct messages. However, when the pki encrypted flag is absent, the firmware reverts to legacy...
Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29154)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from the lack of Secure and HTTPOnly...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 security vulnerability
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from the lack of Secure and HTTPOnly...
CVE-2025-52614
HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site...
CVE-2025-52614 HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability
HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site...
CVE-2025-52614
CVE-2025-52614 affects HCL Unica Platform. The issue is a cookie without the HTTPOnly flag, enabling a malicious actor to induce the event by sending users crafted links, directly or via a site. Public sources provide the vulnerability description but do not specify affected versions, exploit det...
EUVD-2016-3388
Malware in sbrugna...
CVE-2025-57424
A stored cross-site scripting (XSS) vulnerability exists in the MyCourts v3 application within the LTA number profile field. An attacker can insert arbitrary JavaScript into their profile, which executes in the browser of any user viewing it, including administrators. Due to the absence of the...
DRUPAL-CONTRIB-2025-109
This module enables you to add Umami Analytics web statistics tracking system to your website. The "administer umami analytics" permission allows inserting an arbitrary JavaScript file on every page. While this is an expected feature, the permission lacks the "restrict access" flag, which should...
Endress+Hauser MEAC300-FNADE4 security vulnerability
The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4 that stems from the HttpOnly flag not being set, which can be exploited by an attacker to cause session...
CLSA-2025-1749571114 pam: Fix of 2 CVEs
- CVE-2024-10041: fix possibility of leakage of secret information stored in memory - CVE-2024-22365: fix potential DoS via mkfifo because the openat call lacks O_DIRECTORY...
UBUNTU-CVE-2025-26844
An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...
The vulnerability of the IBM Security Directory Integrator and the IBM Security Verify Directory Integrator data integration tools lies in the absence of a “Secure” flag in the session cookies. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the IBM Security Directory Integrator and the IBM Security Verify Directory Integrator data integration tools is related to the absence of the “Secure” flag in the session cookies. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain...
CVE-2022-43845
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie...