Lucene search
+L

715 matches found

Cvelist
Cvelist
added 2026/02/03 6:6 p.m.32 views

CVE-2025-52628 HCL AION is susceptible to Missing SameSite vulnerability

HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0...

4.6CVSS0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 6:6 p.m.3 views

CVE-2025-52628 HCL AION is susceptible to Missing SameSite vulnerability

HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0...

4.6CVSS5.1AI score0.0019EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.10 views

PT-2026-5904

Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description HCL AION is susceptible to a cookie handling issue where cookies may lack proper SameSite attributes, or have insecure or improper configurations. This can allow cookies to be transmitted in unintended cross-si...

8.8CVSS5.1AI score0.0019EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : firefox-91.9.0-1.el8.ML.1 (AXSA:2022-3174:10)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3174:10 advisory. Mozilla: Bypassing permission prompt in nested browsing contexts CVE-2022-29909 Mozilla: iframe Sandbox bypass CVE-2022-29911 Mozilla: Fullscreen...

9.8CVSS8.5AI score0.01005EPSS
Exploits3References7
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.9 views

CVE-2023-25240

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...

8.8CVSS7.5AI score0.00974EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.10 views

CVE-2022-38386

IBM Cloud Pak for Security CP4S 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 2337...

5.9CVSS5.9AI score0.00465EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.14 views

CVE-2023-29008

The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...

8.8CVSS7.5AI score0.00373EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/05 12:0 a.m.33 views

CVE-2025-65922

PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to Phishing attacks. Attackers can frame the legitimate Planka applicati...

0.0014EPSS
Exploits0References2
OSV
OSV
added 2025/12/19 9:30 p.m.7 views

GHSA-CV8H-R7R5-VWJ9 Kimai contains a SameSite cookie vulnerability

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...

9.8CVSS5.5AI score0.00496EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/12/19 9:30 p.m.7 views

Kimai contains a SameSite cookie vulnerability

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...

9.8CVSS5.5AI score0.00496EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/12/19 9:5 p.m.20 views

CVE-2023-53957

Kimai 1.30.10 is affected by a SameSite cookie vulnerability that can enable session hijacking. Attackers may lure victims into running a crafted PHP script that captures and writes session cookies to a file, enabling access to user sessions. The issue is tied to improper SameSite cookie handling...

9.8CVSS6.2AI score0.00496EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/19 9:5 p.m.4 views

CVE-2023-53957 Kimai 1.30.10 SameSite Cookie Vulnerability Session Hijacking

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...

9.8CVSS6.2AI score0.00496EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/19 9:5 p.m.5 views

EUVD-2025-204601

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...

9.8CVSS6.1AI score0.00496EPSS
Exploits1References4
OSV
OSV
added 2025/12/19 9:5 p.m.6 views

CVE-2023-53957 Kimai 1.30.10 SameSite Cookie Vulnerability Session Hijacking

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...

8.5CVSS6AI score0.00496EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.6 views

kimai 安全漏洞

kimai is a web-based multi-user time tracking application by the individual developer of kimai. A security vulnerability exists in kimai version 1.30.10, which stems from an improper implementation of the SameSite cookie and could lead to session hijacking...

9.8CVSS6.5AI score0.00496EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.7 views

PT-2025-52527

Name of the Vulnerable Software and Affected Versions Kimai version 1.30.10 Description Kimai version 1.30.10 has a SameSite cookie flaw that allows attackers to steal user session cookies. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie...

9.8CVSS6.5AI score0.00496EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2025/12/15 2:44 p.m.12 views

CVE-2025-34412

...

6.5AI score0.00075EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/08 1:11 p.m.6 views

CVE-2025-34291

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration alloworigins='' with allowcredentials=True combined with a refresh token cookie configured as SameSite=None allows a malicio...

9.4CVSS8.4AI score0.7889EPSS
Exploits3References1
OSV
OSV
added 2025/12/05 10:27 p.m.8 views

CVE-2025-34291 Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration alloworigins='' with allowcredentials=True combined with a refresh token cookie configured as SameSite=None allows a malicio...

9.4CVSS7.9AI score0.7889EPSS
Exploits3References7
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.10 views

Langflow 访问控制错误漏洞

Langflow is a Langflow open source visualization framework for building multi-agent and RAG applications. An access control error vulnerability exists in Langflow 1.6.9 and earlier versions, which stems from overly lax CORS configuration and improper SameSite settings that could lead to account...

9.4CVSS7.7AI score0.7889EPSS
Exploits3References4
Rows per page
Query Builder