threat
engine
.sh
Back
·
··:··
Home
/
CWE
/
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Weakness
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-614 · Variant · Draft
The Secure attribute for sensitive cookies in HTTPS sessions is not set.
△
Weakness Relationships
Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOf
CWE-319 · Cleartext Transmission of Sensitive Information
◆
Attack Patterns (CAPEC)
1
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-102
Session Sidejacking
⚠
CVEs With This Weakness
52
A sample of the 52 CVEs tagged with this weakness.
CVE
CVE-2026-4820
CVE
CVE-2026-32745
CVE
CVE-2026-22617
CVE
CVE-2026-1697
CVE
CVE-2025-8037
CVE
CVE-2025-53757
CVE
CVE-2025-52632
CVE
CVE-2025-52614
CVE
CVE-2025-36249
CVE
CVE-2025-36026
CVE
CVE-2025-36011
CVE
CVE-2025-27450
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin