CVE-2025-10503 Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 Identity Server
The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...
EUVD-2025-209586
The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...
CVE-2024-4867
The CVE-2024-4867 entry describes a cross-site scripting (XSS) vulnerability in the WSO2 API Manager developer portal. User-supplied input is not properly validated or output-encoded, enabling injection of script content executed in the user’s browser. Exploitation can cause the UI to redirect to...
PT-2026-33305
The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...
PT-2026-33302
The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an...
CVE-2022-23011
On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Protection feature. Note: Software versions which have reached End of Technical Support (EoTS) are not...
CVE-2022-23028
On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the global AFM SYN cookie protection TCP Half Open flood vector is activated in the AFM Device DoS or DoS profile, certain types of TCP connections will fail. Note: Software versio...
CVE-2025-23044
PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite attribute on cookies and the ability to refresh cookies. Commit...
EUVD-2021-21879
Malware in sbrugna...
EUVD-2017-5701
Malware in sbrugna...
EUVD-2023-35553
Malicious code in bioql PyPI...
EUVD-2024-18584
Malicious code in bioql PyPI...
EUVD-2021-30692
Malicious code in bioql PyPI...
EUVD-2022-28139
Malicious code in bioql PyPI...
PT-2025-27282 · Ibm · Ibm Datacap
Name of the Vulnerable Software and Affected Versions: IBM Datacap versions 9.1.7 through 9.1.9 Description: The issue is related to the improper handling of authorization tokens and session cookies, as the software does not set the secure attribute on these cookies or tokens. Attackers may be ab...
CVE-2024-20869
Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies...
Authentication Bypass
auth0/auth0-php is vulnerable to Authentication Bypass. The vulnerability is caused by weak authentication tag protection: session cookies configured with CookieStore are susceptible to brute-force attacks, potentially allowing unauthorized access...
Enable TCP-SYN Cookie Protection
TCP-SYN cookie protection mitigates the impact of SYN flood attacks on the system. When an attacker launches a SYN flood attack, the half-open connection queue in the kernel is quickly exhausted, blocking valid connections. If SYN cookies are enabled, the system can still accept valid connections ev...
PT-2024-18779 · Samsung · Samsung Internet
Name of the Vulnerable Software and Affected Versions: Samsung Internet versions prior to 25.0.0.41 Description: The issue is related to improper privilege management, allowing local attackers to bypass protection for cookies. This enables them to access sensitive information without proper...