715 matches found
CVE-2025-52628 HCL AION is susceptible to Missing SameSite vulnerability
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0...
CVE-2025-52628 HCL AION is susceptible to Missing SameSite vulnerability
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0...
PT-2026-5904
Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description HCL AION is susceptible to a cookie handling issue where cookies may lack proper SameSite attributes, or have insecure or improper configurations. This can allow cookies to be transmitted in unintended cross-si...
MiracleLinux 8 : firefox-91.9.0-1.el8.ML.1 (AXSA:2022-3174:10)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3174:10 advisory. Mozilla: Bypassing permission prompt in nested browsing contexts CVE-2022-29909 Mozilla: iframe Sandbox bypass CVE-2022-29911 Mozilla: Fullscreen...
CVE-2023-25240
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...
CVE-2022-38386
IBM Cloud Pak for Security CP4S 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 2337...
CVE-2023-29008
The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...
CVE-2025-65922
PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to Phishing attacks. Attackers can frame the legitimate Planka applicati...
GHSA-CV8H-R7R5-VWJ9 Kimai contains a SameSite cookie vulnerability
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...
Kimai contains a SameSite cookie vulnerability
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...
CVE-2023-53957
Kimai 1.30.10 is affected by a SameSite cookie vulnerability that can enable session hijacking. Attackers may lure victims into running a crafted PHP script that captures and writes session cookies to a file, enabling access to user sessions. The issue is tied to improper SameSite cookie handling...
CVE-2023-53957 Kimai 1.30.10 SameSite Cookie Vulnerability Session Hijacking
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...
EUVD-2025-204601
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...
CVE-2023-53957 Kimai 1.30.10 SameSite Cookie Vulnerability Session Hijacking
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...
kimai 安全漏洞
kimai is a web-based multi-user time tracking application by the individual developer of kimai. A security vulnerability exists in kimai version 1.30.10, which stems from an improper implementation of the SameSite cookie and could lead to session hijacking...
PT-2025-52527
Name of the Vulnerable Software and Affected Versions Kimai version 1.30.10 Description Kimai version 1.30.10 has a SameSite cookie flaw that allows attackers to steal user session cookies. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie...
CVE-2025-34412
...
CVE-2025-34291
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration alloworigins='' with allowcredentials=True combined with a refresh token cookie configured as SameSite=None allows a malicio...
CVE-2025-34291 Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration alloworigins='' with allowcredentials=True combined with a refresh token cookie configured as SameSite=None allows a malicio...
Langflow 访问控制错误漏洞
Langflow is a Langflow open source visualization framework for building multi-agent and RAG applications. An access control error vulnerability exists in Langflow 1.6.9 and earlier versions, which stems from overly lax CORS configuration and improper SameSite settings that could lead to account...