Lucene search
+L

16 matches found

NVD
NVD
added 2025/12/15 3:15 p.m.7 views

CVE-2025-34412

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it identified a vulnerability in a SaaS product that does not require user action...

0.00075EPSS
Exploits0
EUVD
EUVD
added 2025/12/15 2:44 p.m.7 views

EUVD-2025-203381

The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...

6.9CVSS6.2AI score0.00075EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2024-2303

Malicious code in bioql PyPI...

4.1CVSS6.3AI score0.00597EPSS
Exploits0References12
OSV
OSV
added 2025/03/20 12:32 p.m.8 views

GHSA-43G4-487M-5Q6M Open WebUI Vulnerable to a Session Fixation Attack

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...

7.6CVSS8AI score0.00659EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.15 views

Open WebUI Vulnerable to a Session Fixation Attack

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...

9CVSS7.7AI score0.00659EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/21 12:0 a.m.40 views

Oracle Linux 8 : tomcat (ELSA-2023-7065)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7065 advisory. - Resolves: 2210630 CVE-2023-28709 tomcat - Resolves: 2181448 CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure...

7.5CVSS7.5AI score0.51547EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/07/12 12:0 a.m.42 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6.2.7)

The version of AOS installed on the remote host is prior to 6.6.2.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.6.2.7 advisory. - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did n...

7.5CVSS6.7AI score0.46836EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2023/06/09 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2023-2196)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.9AI score0.01831EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:14 p.m.39 views

Security Bulletin: IBM CICS TX Standard is vulnerable to allowing attackers access to an application via insecure session cookies (CVE-2022-34313).

Summary IBM CICS TX Standard could allow attackers to access an application via insecure session cookies. The fix removes this vulnerability CVE-2022-34313 from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2022-34313 DESCRIPTION: IBM CICS TX does not set the secure attribute on...

4.3CVSS3.5AI score0.006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:4 p.m.36 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to allowing an attacker to access an application via insecure session cookies (CVE-2022-34313).

Summary IBM CICS TX Advanced could allow an attacker access to an application via insecure session cookies. The fix removes this vulnerability CVE-2022-34313 from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2022-34313 DESCRIPTION: IBM CICS TX does not set the secure attribute on...

4.3CVSS3.5AI score0.006EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/14 5:5 p.m.5 views

CVE-2022-34313 IBM CICS TX Standard is vulnerable to allowing attackers access to an application via insecure session cookies

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can...

4.3CVSS6.2AI score0.006EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/11/14 5:5 p.m.30 views

CVE-2022-34313 IBM CICS TX Standard is vulnerable to allowing attackers access to an application via insecure session cookies

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can...

4.3CVSS4.6AI score0.006EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/09/13 8:45 p.m.28 views

CVE-2022-22329

IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacke...

4.3CVSS4.3AI score0.00566EPSS
Exploits0References2
Hacker One
Hacker One
added 2021/01/19 2:54 a.m.17 views

Mail.ru: CSRF + XSS leads to ATO

Reflected XSS on dwar.mail.ru via POST parameter formnick There was a Self-XSS issue on Request with no CSRF Protection leading to full Account Takeover due to Insecure Session Cookies...

2.9AI score
Exploits0
0day.today
0day.today
added 2012/12/05 12:0 a.m.39 views

ManageEngine MSPCentral 9 CSRF / Cross Site Scripting Vulnerability

ManageEngine MSPCentral version 9 suffers from cross site request forgery, insecure session cookies, and cross site scripting vulnerabilities. Multiple vulnerabilities in ManageEngine MSPCentral 9 ------------------------------------------------------------ Background ---------- At Kiwicon 6 in m...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2012/12/04 12:0 a.m.43 views

ManageEngine MSPCentral 9 Cross Site Request Forgery / Cross Site Scripting

-------------------------------------------------------------- REDACTED REDACTED REDACTED REDACTED REDACTED REDACTED REDACTED ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY -------------------------------------------------------------- RA004: Multiple vulnerabilities in ManageEngi...

Exploits0
Rows per page
Query Builder