Lucene search

8 matches found

SUSE CVE
added 2025/03/11 3:47 a.m. | 1 views

SUSE CVE-2025-24387

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. This issue...

CVSS 6.5 | AI score 6.8 | EPSS 0.00081
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 6:5 a.m. | 2 views

SUSE CVE-2008-7293

Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

CVSS 5.8 | AI score 6.7 | EPSS 0.0059
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:20 a.m. | 2 views

SUSE CVE-2015-2330

Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies...

CVSS 7.5 | AI score 6.9 | EPSS 0.00322
Exploits: 0 | References: 4

Tenable Nessus
added 2016/08/25 12:0 a.m. | 573 views

OpenSSL < 1.0.2i Default Weak 64-bit Block Cipher (SWEET32)

According to its banner, the version of OpenSSL running on the remote host is prior to 1.0.2i. It is, therefore, affected by a vulnerability, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficie...

CVSS 7.5 | AI score 7 | EPSS 0.40993
Exploits: 7 | References: 3

Tenable Nessus
added 2016/08/24 12:0 a.m. | 23 views

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

AI score 7.3
Exploits: 0 | References: 4

ThreatPost
added 2013/11/04 9:52 a.m. | 22 views

Apple Turns on BEAST Attack Mitigation by Default in Safari

Apple enabled a feature in its recent OS X Mavericks update that neutered the BEAST cryptographic attacks. BEAST is a two-year-old attack tool that exploits a vulnerability in TLS 1.0 and SSL 3.0 and could lead to an attacker stealing HTTPS cookies or hijacking browser sessions. Apple’s Safari...

AI score 7.2
Exploits: 0 | References: 5

ThreatPost
added 2013/09/16 2:17 p.m. | 10 views

BEAST Cryptographic Attack Mitigations Overturned

The BEAST cryptographic attack, once thought to be largely mitigated, has two things conspiring against it to make breaches potentially possible again. Not only has a server-side mitigation essentially been rendered moot by recent research into the RC4 cryptographic protocol, but Apple has yet to...

AI score 0.5
Exploits: 0 | References: 5

Prion
added 2008/06/05 9:32 p.m. | 8 views

Design/Logic Flaw

CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP...

CVSS 5 | AI score 7.2 | EPSS 0.0025
Exploits: 0 | References: 2 | Affected Software: 1