882 matches found

RedhatCVE
added 2025/05/21 11:48 p.m. | 14 views

CVE-2003-1567

The undocumented TRACK method in Microsoft Internet Information Services IIS 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by usi...

CVSS 5.8 | AI score 7 | EPSS 0.79871
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/10 12:20 a.m. | 9 views

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

CVSS 9.8 | AI score 6.8 | EPSS 0.00366
Exploits: 0 | References: 1
OSV
added 2025/05/08 4:15 p.m. | 6 views

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

CVSS 9.8 | AI score 6.7
Exploits: 0 | References: 2
NVD
added 2025/05/08 4:15 p.m. | 13 views

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

CVSS 9.8 | EPSS 0.00366
Exploits: 0 | References: 2
OSV
added 2025/05/08 4:15 p.m. | 2 views

UBUNTU-CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

CVSS 9.8 | AI score 5.8 | EPSS 0.00366
Exploits: 0 | References: 3
CNNVD
added 2025/05/08 12:0 a.m. | 1 views

Znuny security vulnerability

Znuny is a work order system from Znuny, Inc. A security vulnerability exists in Znuny 7.1.3 and earlier versions that stems from a cookie not setting the HttpOnly flag...

CVSS 9.8 | AI score 6.4 | EPSS 0.00366
Exploits: 0 | References: 2
Vulnrichment
added 2025/05/08 12:0 a.m. | 8 views

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

AI score 9.5 | EPSS 0.00366
Exploits: 0 | References: 2
Cvelist
added 2025/05/08 12:0 a.m. | 6 views

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

EPSS 0.00366
Exploits: 0 | References: 2
CVE
added 2025/05/08 12:0 a.m. | 49 views

CVE-2025-26844

The CVE-2025-26844 vulnerability affects Znuny up to version 7.1.3 where a cookie is set without the HttpOnly flag. The underlying issue is improper cookie configuration, enabling cookies to be accessible to client-side scripts. This could, per the available references, contribute to session-rela...

CVSS 9.8 | AI score 6.5 | EPSS 0.00366
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/02/28 5:9 p.m. | 6 views

CVE-2025-24318 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Sensitive Cookie Without 'HttpOnly' Flag

Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise...

CVSS 6.8 | AI score 6.6 | EPSS 0.00112
Exploits: 0 | References: 2
Cvelist
added 2025/02/28 5:9 p.m. | 7 views

CVE-2025-24318 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Sensitive Cookie Without 'HttpOnly' Flag

Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise...

CVSS 6.8 | EPSS 0.00112
Exploits: 0 | References: 2
Cvelist
added 2025/02/27 7:8 a.m. | 5 views

CVE-2024-5848 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation

A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious...

CVSS 6.1 | EPSS 0.00289
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/14 4:45 a.m. | 7 views

CVE-2024-36788

Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices...

CVSS 5.9 | AI score 6.8 | EPSS 0.00088
Exploits: 1
Veracode
added 2024/12/18 5:28 a.m. | 19 views

Cookie Poisoning

Quarkus-HTTP is vulnerable to Cookie Poisoning. The vulnerability is due to improper parsing of cookies with specific value-delimiting characters, allowing attackers to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values...

CVSS 7.4 | AI score 6.8 | EPSS 0.00572
Exploits: 0 | References: 10 | Affected Software: 1
OSV
added 2024/12/12 9:31 a.m. | 0 views

GHSA-CXRX-Q234-M22M io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...

CVSS 7.4 | AI score 6.4 | EPSS 0.00572
Exploits: 0 | References: 10
GitHub Security Blog
added 2024/11/17 12:30 p.m. | 20 views

Undertow incorrectly parses cookies

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

CVSS 7.4 | AI score 6.5 | EPSS 0.0736
Exploits: 0 | References: 13 | Affected Software: 1
OSV
added 2024/11/17 12:30 p.m. | 12 views

GHSA-3JRV-JGP8-45V3 Undertow incorrectly parses cookies

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

CVSS 7.4 | AI score 7.2 | EPSS 0.0736
Exploits: 0 | References: 13
OSV
added 2024/11/17 11:15 a.m. | 0 views

UBUNTU-CVE-2023-4639

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

CVSS 7.4 | AI score 7.2 | EPSS 0.0736
Exploits: 0 | References: 3
Vulnrichment
added 2024/11/17 10:21 a.m. | 49 views

CVE-2023-4639 Undertow: cookie smuggling/spoofing

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

CVSS 7.4 | AI score 6.6 | EPSS 0.0736
Exploits: 0 | References: 9
Cvelist
added 2024/11/17 10:21 a.m. | 32 views

CVE-2023-4639 Undertow: cookie smuggling/spoofing

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

CVSS 7.4 | EPSS 0.0736
Exploits: 0 | References: 9