36 matches found
CVE-2026-43828
Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...
EUVD-2026-31734
Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...
CVE-2026-43828
Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...
CVE-2026-43828 Apache Shiro: Shiro's native session and rememberMe cookies do not have secure flag set by default
Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...
EUVD-2020-7882
Malware in sbrugna...
EUVD-2015-8352
Malware in sbrugna...
EUVD-2017-9242
Malware in sbrugna...
EUVD-2013-4473
Malware in sbrugna...
EUVD-2007-2711
Malware in sbrugna...
EUVD-2023-34489
Malicious code in bioql PyPI...
EUVD-2022-47720
Malicious code in bioql PyPI...
CVE-2023-30056
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie...
CVE-2022-44788
An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an information exposure in Apache Tomcat (CVE-2023-28708)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an information exposure in Apache Tomcat due to the missing of secure attribute in some configurations for JSESSIONID Cookie CVE-2023-28708. Apache Tomca is included as part of the java microservices in our...
CVE-2023-30056
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie...
Session fixation
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie...
Security Bulletin: IBM Cloud Pak for Network Automation 2.4.6 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.4.6 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the magic comment featu...
FICO Origination Manager 授权问题漏洞
FICO Origination Manager FICO OM is a comprehensive customer origination platform from FICO USA, Inc. designed to enable both large and small organizations to maximize returns and control costs, and provide strong customer engagement. A security vulnerability exists in FICO Origination Manager...
CVE-2023-30056
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie...
CVE-2023-30056
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie...