NPM: NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags

NPM: NocoDB: Refresh Token Cookie Set Without secure and sameSite Flags vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

SUSE CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

Cookies generated by VPN Vserver lack Secure/SameSite/HttpOnly flags

Cookies generated by VPN Vserver lack Secure/SameSite/HttpOnly flags...

Cross site request forgery (csrf)

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks...

CVE-2019-19737

CVE-2019-19737 affects MFScripts YetiShare in versions 3.5.2 through 4.5.3. The root cause is that session cookies do not have the SameSite flag set, allowing cookies to be sent with cross-site requests and potentially enabling cross-site request forgery attacks. Multiple connected sources confir...

CVE-2019-19737

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks...