
232 matches found

Vulnrichment
added 2025/02/11 3:20 p.m., 20 views

CVE-2025-24897 Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...

CVSS 8.2, AI score 8.4, EPSS 0.00126
Exploits 0, References 2
OSV
added 2025/02/11 3:20 p.m., 8 views

CVE-2025-24897 Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...

CVSS 8.2, AI score 7, EPSS 0.00126
Exploits 0, References 4
Cvelist
added 2025/02/11 3:20 p.m., 21 views

CVE-2025-24897 Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...

CVSS 8.2, EPSS 0.00126
Exploits 0, References 2
Cvelist
added 2025/02/11 12:37 a.m., 10 views

CVE-2025-24875 SameSite Defense in Depth not applied for some cookies in SAP Commerce

SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies used in SAP Commerce Backoffice. This setting reduces defense in depth against CSRF and may lead to future compatibility issues...

CVSS 6.8, EPSS 0.00162
Exploits 0, References 2
Cvelist
added 2024/06/14 3:53 a.m., 20 views

CVE-2024-27168 Hardcoded keys used to generate authentication cookies

It appears that some hardcoded keys are used for authentication to an internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. For the affected products/models/versions, see the reference URL...

CVSS 7.1, EPSS 0.00286
Exploits 1, References 4
Vulnrichment
added 2024/06/14 3:53 a.m., 31 views

CVE-2024-27168 Hardcoded keys used to generate authentication cookies

It appears that some hardcoded keys are used for authentication to an internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. For the affected products/models/versions, see the reference URL...

CVSS 7.1, AI score 7.3, EPSS 0.00286
Exploits 1, References 4
CNNVD
added 2024/04/18 12:00 a.m., 3 views

DerbyNet security vulnerability

DerbyNet is a simple code base for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet racerid parameter due to improper validation of user-supplied input in the photo-thumbs.php script. An attacker could use this vulnerability to steal the victim's cookie-based...

CVSS 6.5, AI score 6.4, EPSS 0.00567
Exploits 2, References 2
CNNVD
added 2024/04/18 12:00 a.m., 5 views

DerbyNet security vulnerability

DerbyNet is a simple code base for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet racerid parameter due to improper validation of user-supplied input in the racer-results.php script. An attacker could use this vulnerability to steal the victim's cookie-based...

CVSS 6.3, AI score 6.4, EPSS 0.00551
Exploits 2, References 2
Vulnrichment
added 2024/04/15 9:00 p.m., 11 views

CVE-2024-23558 HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout

HCL DevOps Deploy / HCL Launch does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3, AI score 6.7, EPSS 0.00308
Exploits 0, References 1
BDU FSTEC
added 2024/04/05 12:00 a.m., 7 views

A vulnerability in the Grafana monitoring and observability platform, related to the disclosure of confidential information to unauthorized parties, allows an attacker to expose protected information.

The vulnerability in the Grafana monitoring and observability platform concerns the forwarding of user authentication cookies to plugins. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information that the system is meant to protect...

CVSS 8.2, AI score 7.1, EPSS 0.01228
Exploits 0, References 6, Affected Software 2
CNNVD
added 2024/03/22 12:00 a.m., 5 views

Moodle security vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site scripting vulnerability in the Chat activity, which allows students to insert potentially...

CVSS 5.4, AI score 6.3, EPSS 0.00551
Exploits 0, References 4
CNNVD
added 2024/03/18 12:00 a.m., 3 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The product supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4, AI score 6.1, EPSS 0.00427
Exploits 0, References 2
NVD
added 2024/02/16 4:15 a.m., 9 views

CVE-2023-6451

Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms...

CVSS 8.6, AI score 8.8, EPSS 0.0053
Exploits 0, References 1
Vulnrichment
added 2024/02/16 4:06 a.m., 8 views

CVE-2023-6451 Publicly Known Cryptographic Machine Key In Procura Portal Application

Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms...

CVSS 8.6, AI score 8.7, EPSS 0.0053
Exploits 0, References 1
CNVD
added 2024/01/30 12:00 a.m., 7 views

Cups Easy cross-site scripting vulnerability (CNVD-2024-12238)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/taxstructurecreate.php page. An attacker...

CVSS 8.2, AI score 6.2, EPSS 0.00437
Exploits 0, References 1
CNNVD
added 2024/01/26 12:00 a.m., 4 views

Cups Easy cross-site scripting vulnerability

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the batchno parameter on the /cupseasylive/stock.php page. An attacker could use this...

CVSS 8.2, AI score 7, EPSS 0.00489
Exploits 0, References 2
CNNVD
added 2024/01/26 12:00 a.m., 5 views

Cups Easy cross-site scripting vulnerability

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the grndate parameter on the /cupseasylive/grncreate.php page. An attacker could use th...

CVSS 8.2, AI score 7, EPSS 0.00436
Exploits 0, References 2
OSV
added 2024/01/12 3:15 p.m., 4 views

CVE-2023-49259

The authentication cookies are generated using an algorithm based on the username, a hardcoded secret and the system uptime, and can be guessed in a reasonable time...

CVSS 7.5, AI score 5.8, EPSS 0.00556
Exploits 0, References 2
Prion
added 2024/01/12 3:15 p.m., 10 views

Hardcoded credentials

The authentication cookies are generated using an algorithm based on the username, a hardcoded secret and the system uptime, and can be guessed in a reasonable time...

CVSS 5, AI score 7.4, EPSS 0.00556
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2024/01/12 2:25 p.m., 1 view

CVE-2023-49259 Bruteforcing authentication cookie for a given user

The authentication cookies are generated using an algorithm based on the username, a hardcoded secret and the system uptime, and can be guessed in a reasonable time...

AI score 7.6, EPSS 0.00556
Exploits 0, References 2