CVEs classified under CWE-1275, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-53957 — CVSS 9.8 (critical): Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation…
CVE-2024-6611 — CVSS 9.8 (critical): A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128…
CVE-2022-38386 — CVSS 5.9 (medium): IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the…
CVE-2024-30155 — CVSS 5.5 (medium): HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to…
CVE-2024-42212 — CVSS 5.4 (medium): HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks…
CVE-2025-52628 — CVSS 4.6 (medium): HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in…
CVE-2026-55688 — CVSS 4.0 (medium): The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In…
CVE-2025-36134 — CVSS 3.7 (low): IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose…
CVE-2024-43173 — CVSS 3.7 (low): IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.