140 matches found

Vulnrichment
added 2025/09/17 2:25 p.m., 2 views

CVE-2025-40933 Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...

6.6 AI score, 0.00383 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 11:40 a.m., 7 views

CVE-2016-11014

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case...

9.8 CVSS, 7.1 AI score, 0.02538 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 6:49 a.m., 5 views

CVE-2019-13172

Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device...

10 CVSS, 8.3 AI score, 0.03016 EPSS
Exploits: 0, References: 1

NVD
added 2025/03/10 10:15 a.m., 20 views

CVE-2025-24387

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possibly malicious web site would send the authentication cookie, performing an unwanted read operation. This issue...

6.5 CVSS, 0.0014 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2025/03/05 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-39201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could...

7.5 CVSS, 7.3 AI score, 0.01228 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/02/20 12:0 a.m., 2 views

IBM OpenPages with Watson Cross-Site Request Forgery Vulnerability

IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines (IBM). The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...

8.8 CVSS, 6.7 AI score, 0.00193 EPSS
Exploits: 0, References: 2

SUSE CVE
added 2024/06/04 12:23 p.m., 1 views

SUSE CVE-2024-24814

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a...

7.5 CVSS, 7.7 AI score, 0.01261 EPSS
Exploits: 1, References: 8

Github Security Blog
added 2024/05/14 10:29 p.m., 49 views

Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Today we are releasing Grafana 9.2. Along with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201. We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

7.5 CVSS, 6.8 AI score, 0.01228 EPSS
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2024/03/06 10:55 a.m., 30 views

BIT-GRAFANA-2022-39201 Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions...

7.5 CVSS, 6.9 AI score, 0.01228 EPSS
Exploits: 0, References: 5

Cvelist
added 2024/02/27 2:29 p.m., 16 views

CVE-2024-27905 Apache Aurora: padding oracle can allow construction of an authentication cookie

UNSUPPORTED WHEN ASSIGNED Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially thi...

7.7 AI score, 0.01471 EPSS
Exploits: 0, References: 2

OSV
added 2024/02/21 12:10 a.m., 20 views

GHSA-CP68-QRHR-G9H8 MeshCentral cross-site websocket hijacking (CSWSH) vulnerability

We have identified a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint of MeshCentral. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. To demonstrate the impact of the vulnerability we developed a...

8.3 CVSS, 8.6 AI score, 0.00464 EPSS
Exploits: 1, References: 4

CNNVD
added 2024/02/16 12:0 a.m., 4 views

AlayaCare Procura Portal Authorization Issues Vulnerability

AlayaCare Procura is a home health software for home and community service delivery from AlayaCare, Inc. A security vulnerability exists in AlayaCare Procura Portal versions prior to 9.0.1.2. An attacker can exploit the vulnerability to forge their own authentication cookie and bypass the...

8.6 CVSS, 6.9 AI score, 0.0053 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2024/02/07 6:24 p.m., 32 views

Graylog session fixation vulnerability through cookie injection

Impact: Reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject...

5.7 CVSS, 6.7 AI score, 0.00414 EPSS
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2024/01/12 3:15 p.m., 9 views

CVE-2023-49258

User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter...

6.1 CVSS, 6.3 AI score, 0.00336 EPSS
Exploits: 0, References: 2

OSV
added 2024/01/12 3:15 p.m., 1 views

CVE-2023-49262

The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session...

9.8 CVSS, 5.8 AI score, 0.00666 EPSS
Exploits: 0, References: 2

Prion
added 2024/01/12 3:15 p.m., 9 views

Design/Logic Flaw

User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter...

5.8 CVSS, 6.6 AI score, 0.00556 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2024/01/12 2:24 p.m., 5 views

CVE-2023-49258 Reflected cross-site scripting vulnerability

User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter...

6.3 AI score, 0.00556 EPSS
Exploits: 0, References: 2

Cvelist
added 2024/01/12 2:24 p.m., 15 views

CVE-2023-49258 Reflected cross-site scripting vulnerability

User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter...

6.4 AI score, 0.00556 EPSS
Exploits: 0, References: 2

CVE
added 2024/01/12 2:24 p.m., 34 views

CVE-2023-49258

CVE-2023-49258 is an XSS vulnerability described across sources as allowing a user’s browser to force JavaScript execution and exfiltrate the authentication cookie via the data parameter of /gui/terminal_tool.cgi. Red Hat records reiterate the issue under RH:CVE-2023-49258 with the same descripti...

6.1 CVSS, 6.2 AI score, 0.00336 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2024/01/12 12:0 a.m., 4 views

Hongdian Router H8951-4G-ESP Security Vulnerability

The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian H8951-4G-ESP 2310271149, which stems from the authentication cookie being generated using an algorithm based on a username, hard-coded password, and uptime, and...

9.8 CVSS, 6.9 AI score, 0.00556 EPSS
Exploits: 0, References: 3