CWE-1275: CWE-1275

Total CVEs

Critical

High

6.4

Avg CVSS

Yearly Trend

2026

2025

2024

Top Affected Vendors

1 Hcltech 2

2 Ibm 1

3 Mozilla 1

4 Otrs 1

5 Kimai 1

All CWE-1275 CVEs (6)

CVE-2023-53957

9.8

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through crafted PHP scripts. This enables s...

Dec 19, 2025

CVE-2024-6611

9.8

This vulnerability allows malicious websites to bypass SameSite cookie restrictions by using nested iframes to trigger cross-site navigations, enablin...

Jul 9, 2024

CVE-2024-30155

5.5

HCL SX fails to set the secure attribute on authorization tokens and session cookies, allowing attackers to potentially steal these cookies via Cross-...

Mar 26, 2025

CVE-2025-24387

4.8

This vulnerability in OTRS Application Server allows session hijacking due to insecure cookie settings in HTTPS sessions. Attackers can steal authenti...

Mar 10, 2025

CVE-2025-52628

4.6

HCL AION versions 2.0 have a SameSite cookie vulnerability that allows cookies to be sent in cross-site requests. This increases exposure to cross-sit...

Feb 3, 2026

CVE-2025-36134

3.7

This vulnerability allows attackers to potentially steal sensitive session cookies in IBM Sterling B2B Integrator and Sterling File Gateway products. ...

Nov 25, 2025

About CWE-1275 (CWE-1275)

Our database tracks 6 CVEs classified as CWE-1275, with 2 rated critical and 0 rated high severity. The average CVSS score for CWE-1275 vulnerabilities is 6.4.

External reference: View CWE-1275 on MITRE CWE →

Monitor CWE-1275 Vulnerabilities

Get alerted when new CWE-1275 CVEs affect your infrastructure.

Start Monitoring Free