5 matches found
EUVD-2020-29078
Malware in sbrugna...
CVE-2025-24387
CVE-2025-24387 affects OTRS Application Server (OTRS 7.0.x, 8.0.x, 2023.x, 2024.x, 2025.x). Root cause: missing attributes for sensitive cookie settings in HTTPS sessions, enabling potential session hijacking where an attacker signed requests from a malicious site to read the authentication cooki...
CVE-2025-24390
The CVE-2025-24390 issue affects OTRS Application Server and reverse proxy configurations, enabling session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. Affected: OTRS 7.0.X, 8.0.X, 2023.X, 2024.X. Root cause: incomplete cookie security attributes in HTTPS ...
Cross-site request forgery (CSRF)
Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie...
JVN#65677118 Pixelpost cross-site scripting vulnerability
Impact: An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, session hijacking could be conducted. Solution: Products Affected: Pixelpost 1.5 RC1-2 and earlier...