Weaknesses of type CWE-1004
41 resultsCVE-2025-27223HIGHTRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPorEPSS 2.0%CVE-2020-27658HIGHSynology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makeEPSS 1.3%CVE-2021-42115HIGHMissing HTTPOnly flag on sensitive cookie in TopEaseEPSS 1.2%CVE-2019-8283—Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript tEPSS 1.2%CVE-2021-3706HIGHSensitive Cookie Without 'HttpOnly' Flag in pi-hole/adminlteEPSS 1.1%CVE-2021-39210MEDIUMAutologin cookie accessible by scriptsEPSS 1.0%CVE-2022-25172HIGHAn information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The EPSS 0.9%CVE-2020-6267MEDIUMSome sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only EPSS 0.8%CVE-2022-4630MEDIUMSensitive Cookie Without 'HttpOnly' Flag in lirantal/daloradiusEPSS 0.6%CVE-2019-25091LOWnsupdate.info CSRF Cookie base.py cookie httponly flagEPSS 0.6%CVE-2022-21939HIGHSensitive cookie without 'HttpOnly' flag in System Configuration Tool (SCT)EPSS 0.5%CVE-2024-41685MEDIUMCookie Without HTTPOnly Flag Set VulnerabilityEPSS 0.5%CVE-2024-6739MEDIUMOpenfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' FlagEPSS 0.4%CVE-2022-33167LOWIBM Security Directory Integrator information disclosureEPSS 0.4%CVE-2025-0479HIGHSecurity Misconfiguration Vulnerability in CP Plus RouterEPSS 0.4%CVE-2022-43845LOWIBM Aspera Console information disclosureEPSS 0.4%CVE-2026-22081HIGHCookie without HTTPOnly Flag Vulnerability in Tenda Wireless RoutersEPSS 0.4%CVE-2025-26844CRITICALAn issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.EPSS 0.4%CVE-2025-27453MEDIUMCVE-2025-27453EPSS 0.4%CVE-2026-0696MEDIUMSession Cookies Missing HttpOnly AttributeEPSS 0.4%