CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/02/04 8:45 p.m.•11 views

CVE-2023-38281

CVE-2023-38281 affects IBM Cloud Pak System. The issue is that authorization tokens and session cookies are not marked with the Secure attribute, allowing cookies to be exposed if a user visits an http link or if a link is planted on a site, enabling traffic snooping. Affected products/versions i...

5.3CVSS5.4AI score0.00014EPSS

Exploits0References1Affected Software2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-14293

Malware in sbrugna...

5.3CVSS4.9AI score0.00041EPSS

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-14223

Malware in sbrugna...

4.3CVSS4.8AI score0.0006EPSS

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-14350

Malware in sbrugna...

4.3CVSS5.2AI score0.00133EPSS

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-26213

Malware in sbrugna...

4.3CVSS4.8AI score0.00356EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-25857

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00043EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-40097

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00086EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-42180

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00079EPSS

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2023-38010

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00045EPSS

RedhatCVE•added 2025/05/23 7:9 a.m.•7 views

CVE-2024-28771

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user...

6.5CVSS6.3AI score0.00043EPSS

Vulnrichment•added 2025/01/27 1:12 a.m.•10 views

CVE-2024-28770 IBM Security Directory Integrator information disclosure

4.8CVSS4.9AI score0.00043EPSS

NVD•added 2024/09/13 2:15 a.m.•12 views

CVE-2024-43180

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can...

4.3CVSS0.00086EPSS

CVE•added 2024/07/10 3:28 p.m.•56 views

CVE-2023-33860

CVE-2023-33860 affects IBM Security QRadar EDR version 3.12. The vulnerability arises because authorization tokens or session cookies are not marked with the Secure attribute, enabling cookies to be sent over HTTP. Attack scenario described in the sources includes sending a link via HTTP or embed...

5.3CVSS5AI score0.00045EPSS

Exploits0References2Affected Software1

CVE•added 2024/05/03 4:55 p.m.•75 views

CVE-2021-20450

CVE-2021-20450 affects IBM Cognos Controller 10.4.1–11.0.0 where authorization tokens and session cookies are missing the secure attribute, enabling a cookie exposure risk if a user visits an http link or a site with such a link. The vulnerability is described in IBM’s advisories and NVD entries,...

4.3CVSS5.9AI score0.00086EPSS

Exploits0References2Affected Software1

Prion•added 2023/11/13 2:15 a.m.•13 views

Authorization

IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the...

4.3CVSS6.1AI score0.00079EPSS

Exploits0References2Affected Software1

OSV•added 2023/06/08 1:15 a.m.•1 views

CVE-2023-33847

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a sit...

3.1CVSS5.6AI score

Exploits0References4

Prion•added 2023/06/08 1:15 a.m.•15 views

Authorization

2.6CVSS3.5AI score0.0021EPSS

Exploits0References4Affected Software2

Positive Technologies•added 2022/11/14 12:0 a.m.•3 views

PT-2022-22122 · Ibm · Ibm Cics Tx

Name of the Vulnerable Software and Affected Versions: IBM CICS TX version 11.1 Description: The issue concerns the failure to set the secure attribute on authorization tokens or session cookies. Attackers can exploit this by sending a http:// link to a user or by planting this link in a site the...

4.3CVSS3.5AI score0.0041EPSS

Exploits0References6

Cvelist•added 2021/11/15 3:35 p.m.•14 views

CVE-2021-38977

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent t...

3.1CVSS4.3AI score0.00133EPSS