PYSEC-0000-CVE-2026-41017

Apache Airflow's JWTRefreshMiddleware set the JWT auth cookie without the Secure flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default...

CVE-2025-41748

An XSS vulnerability in pxcDot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...

EUVD-2018-17251

Malware in sbrugna...

EUVD-2015-7351

Malware in sbrugna...

EUVD-2024-28078

Malicious code in bioql PyPI...

The vulnerability of the Hitachi Ops Center Analyzer software for data analysis and analysis lies in the absence of a “Secure” flag in the HTTPS session cookies. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Hitachi Ops Center Analyzer software-related data analysis and processing programs lies in the absence of the “Secure” flag in the HTTPS session cookies. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected...

UBUNTU-CVE-2023-28708

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

CVE-2020-27650

Synology DiskStation Manager DSM before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

CVE-2016-7090

The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

PT-2015-5470 · Pcs +2 · Pcs +2

Name of the Vulnerable Software and Affected Versions: PCS versions 0.9.137 and earlier Description: The issue concerns the pcs daemon pcsd in PCS, where it fails to set the secure flag for a cookie in an https session. This oversight makes it easier for remote attackers to capture the cookie by...

DEBIAN-CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

UBUNTU-CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...