Lucene search
K

176 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:57 a.m.7 views

CVE-2022-43906

IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897...

5.3CVSS6AI score0.00407EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/07 7:14 p.m.13 views

CVE-2024-42212

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...

5.4CVSS6.8AI score0.00201EPSS
Exploits0References3
OSV
OSV
added 2025/05/05 7:15 p.m.5 views

CVE-2024-42212

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...

5.4CVSS5.6AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2025/05/05 7:15 p.m.11 views

CVE-2024-42212

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...

5.4CVSS0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/05 6:40 p.m.8 views

CVE-2024-42212 HCL BigFix Compliance is affected by an improper or missing SameSite attribute

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...

5.4CVSS5.4AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/05 6:40 p.m.14 views

CVE-2024-42212 HCL BigFix Compliance is affected by an improper or missing SameSite attribute

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...

5.4CVSS0.00201EPSS
Exploits0References1
CVE
CVE
added 2025/05/05 6:40 p.m.59 views

CVE-2024-42212

CVE-2024-42212 affects HCL BigFix Compliance due to an improper or missing SameSite attribute, enabling Cross-Site Request Forgery (CSRF) via authenticated sessions. The primary sources consistently describe the issue as a CSRF risk stemming from SameSite misconfiguration; the CVSS 3.1 base metri...

5.4CVSS5.4AI score0.00201EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.6 views

PT-2025-19760 · Hcl · Hcl Bigfix Compliance

Name of the Vulnerable Software and Affected Versions: HCL BigFix Compliance affected versions not specified Description: The issue is related to an improper or missing SameSite attribute, which can lead to Cross-Site Request Forgery CSRF attacks. A malicious site could trick a user's browser int...

5.4CVSS6.1AI score0.00201EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:6 a.m.75 views

Security Bulletin: IBM Concert Software is vulnerable to multiple issues

Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2024-3154 DESCRIPTION: CRI-O could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an arbitrary...

9.8CVSS9.8AI score0.99999EPSS
Exploits22Affected Software1
Amazon
Amazon
added 2025/04/01 12:0 a.m.11 views

Important: thunderbird

Issue Overview: Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100. CVE-2022-29912 The parent process would not properly check whether the Speech Synthesis feature is...

8.1CVSS8.8AI score0.00644EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2025/03/26 7:59 a.m.9 views

CVE-2024-30155 HCL SX is susceptible to cookie with Insecure, Improper, or Missing SameSite attribute vulnerability

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request CSRF...

5.5CVSS6.9AI score0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/26 7:59 a.m.12 views

CVE-2024-30155 HCL SX is susceptible to cookie with Insecure, Improper, or Missing SameSite attribute vulnerability

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request CSRF...

5.5CVSS0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:36 p.m.12 views

CVE-2024-7806

A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...

8.8CVSS8.6AI score0.00444EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.27 views

Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability

A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...

8.8CVSS8.4AI score0.00444EPSS
Exploits2References6Affected Software1
NVD
NVD
added 2025/03/20 10:15 a.m.18 views

CVE-2024-7806

A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...

8.8CVSS0.00444EPSS
Exploits2References1
CVE
CVE
added 2025/03/20 10:11 a.m.52 views

CVE-2024-7806

CVE-2024-7806 affects open-webui/open-webui ≤ 0.3.8. A CSRF flaw (lax SameSite cookies, no CSRF tokens) enables remote code execution by non-admin users when a victim visits a crafted page, potentially modifying a pipeline’s Python code and running arbitrary commands with the victim’s privileges....

8.8CVSS8.5AI score0.00444EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2025/03/05 8:53 a.m.9 views

CVE-2025-22493 Improper cookie attributes in Foreseer Reporting Software (FRS)

Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software FRS. Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100...

5.6CVSS0.00102EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/05 8:53 a.m.6 views

CVE-2025-22493 Improper cookie attributes in Foreseer Reporting Software (FRS)

Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software FRS. Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100...

5.6CVSS7.1AI score0.00102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/13 2:7 a.m.6 views

CVE-2025-24875

SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None SameSite=None. This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues...

6.8CVSS7.1AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/02/11 3:36 p.m.62 views

CVE-2025-24900

Concorde (Nexkey) vulnerability: lack of CSRF protection and misconfigured cookies for MediaProxy authentication allow bypassing authentication, enabling image loading without restrictions. Affects versions prior to 12.25Q1.1 (SameSite attribute missing); prior to 12.24Q2.3 the same cookie also a...

8.6CVSS8.8AI score0.00373EPSS
Exploits0References3
Rows per page
Query Builder