Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

39 matches found

RedhatCVE
RedhatCVEadded 2026/05/28 2:15 p.m.5 views

CVE-2026-48902

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

9.8CVSS5.8AI score0.00001EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 5:16 p.m.10 views

CVE-2026-48902

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

9.8CVSS0.00001EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/26 4:43 p.m.6 views

CVE-2026-48902 Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

5.8AI score0.00001EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/26 4:43 p.m.39 views

CVE-2026-48902 Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

0.00001EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/01 9:30 p.m.1 views

EUVD-2026-18068

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3CVSS5.8AI score0.00013EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/01 8:54 p.m.0 views

CVE-2026-4820

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3CVSS5.8AI score0.00013EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/04/01 8:54 p.m.4 views

CVE-2026-4820

IBM Maximo Application Suite is affected by CVE-2026-4820 due to the session cookie ltpatoken2_ not being marked Secure, enabling potential cookie theft over insecure links. Affected versions: 8.10, 8.11, 9.0, 9.1. Remediations: 8.10.33, 8.11.30, 9.0.19, 9.1.8. CVSS Base score: 4.3 (CWE-614: Sens...

4.3CVSS5.8AI score0.00013EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVEadded 2026/02/06 1:25 a.m.4 views

CVE-2023-38281

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

5.3CVSS5.3AI score0.00013EPSS
Exploits0References1
OSV
OSVadded 2026/02/04 9:15 p.m.0 views

CVE-2023-38281

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

5.3CVSS5.6AI score0.00013EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/02/04 8:45 p.m.2 views

CVE-2023-38281 Multiple Vulnerabilities in IBM Cloud Pak System

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

5.3CVSS5.4AI score0.00013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/02/04 8:45 p.m.2 views

CVE-2023-38281

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

5.3CVSS5.4AI score0.00013EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVEadded 2025/11/01 2:20 p.m.2 views

CVE-2025-36249

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

5.3CVSS6.5AI score0.00014EPSS
Exploits0References1
OSV
OSVadded 2025/10/31 1:15 p.m.0 views

CVE-2025-36249

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

5.3CVSS5.6AI score0.00014EPSS
Exploits0References1
NVD
NVDadded 2025/10/31 1:15 p.m.2 views

CVE-2025-36249

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

5.3CVSS0.00014EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2020-25562

Malware in sbrugna...

4.3CVSS4.8AI score0.00171EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2022-31734

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/09/11 8:27 p.m.1 views

CVE-2025-36011

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

4.3CVSS6.5AI score0.00021EPSS
Exploits0References1
NVD
NVDadded 2025/09/09 8:15 p.m.1 views

CVE-2025-36011

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

4.3CVSS0.00021EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 9:37 p.m.6 views

CVE-2021-25756

In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS...

5.3CVSS7.1AI score0.00003EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 8:58 p.m.1 views

CVE-2021-20450

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...

4.3CVSS6.3AI score0.00086EPSS
Exploits0References1
Rows per page
Query Builder