176 matches found
CVE-2022-43906
IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897...
CVE-2024-42212
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...
CVE-2024-42212
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...
CVE-2024-42212
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...
CVE-2024-42212 HCL BigFix Compliance is affected by an improper or missing SameSite attribute
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...
CVE-2024-42212 HCL BigFix Compliance is affected by an improper or missing SameSite attribute
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...
CVE-2024-42212
CVE-2024-42212 affects HCL BigFix Compliance due to an improper or missing SameSite attribute, enabling Cross-Site Request Forgery (CSRF) via authenticated sessions. The primary sources consistently describe the issue as a CSRF risk stemming from SameSite misconfiguration; the CVSS 3.1 base metri...
PT-2025-19760 · Hcl · Hcl Bigfix Compliance
Name of the Vulnerable Software and Affected Versions: HCL BigFix Compliance affected versions not specified Description: The issue is related to an improper or missing SameSite attribute, which can lead to Cross-Site Request Forgery CSRF attacks. A malicious site could trick a user's browser int...
Security Bulletin: IBM Concert Software is vulnerable to multiple issues
Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2024-3154 DESCRIPTION: CRI-O could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an arbitrary...
Important: thunderbird
Issue Overview: Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100. CVE-2022-29912 The parent process would not properly check whether the Speech Synthesis feature is...
CVE-2024-30155 HCL SX is susceptible to cookie with Insecure, Improper, or Missing SameSite attribute vulnerability
HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request CSRF...
CVE-2024-30155 HCL SX is susceptible to cookie with Insecure, Improper, or Missing SameSite attribute vulnerability
HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request CSRF...
CVE-2024-7806
A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...
Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability
A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...
CVE-2024-7806
A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...
CVE-2024-7806
CVE-2024-7806 affects open-webui/open-webui ≤ 0.3.8. A CSRF flaw (lax SameSite cookies, no CSRF tokens) enables remote code execution by non-admin users when a victim visits a crafted page, potentially modifying a pipeline’s Python code and running arbitrary commands with the victim’s privileges....
CVE-2025-22493 Improper cookie attributes in Foreseer Reporting Software (FRS)
Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software FRS. Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100...
CVE-2025-22493 Improper cookie attributes in Foreseer Reporting Software (FRS)
Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software FRS. Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100...
CVE-2025-24875
SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None SameSite=None. This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues...
CVE-2025-24900
Concorde (Nexkey) vulnerability: lack of CSRF protection and misconfigured cookies for MediaProxy authentication allow bypassing authentication, enabling image loading without restrictions. Affects versions prior to 12.25Q1.1 (SameSite attribute missing); prior to 12.24Q2.3 the same cookie also a...