CVE-2026-22081: This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly…
CVE-2026-42239 — CVSS 8.1 (high): Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set…
CVE-2025-27223 — CVSS 7.5 (high): TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as…
CVE-2025-24318 — CVSS 6.8 (medium): Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise.
CVE-2026-0696 — CVSS 6.5 (medium): In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this…
CVE-2025-12031 — CVSS 5.3 (medium): HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript…
CVE-2025-27453 — CVSS 5.3 (medium): The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript.
CVE-2025-49189 — CVSS 5.3 (medium): The HttpOnlyflag of the session cookie \"@@\" is set to false. Since this flag helps preventing access to cookies via client-side scripts…
CVE-2019-25091 — CVSS 3.7 (low): A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/ba…
CVE-2021-34563 — CVSS 3.3 (low): In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be…
CVE-2025-42909 — CVSS 3.0 (low): SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in…