Session Fixation
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Session Fixation via /proxy reverse proxy requests. A malicious HF Space can hijack user sessions and gain unauthorized access to other users'...
CVE-2021-47923
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized...
CVE-2021-47923 OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized...
CVE-2021-22676
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA...
Host Header Injection
Backdrop CMS is vulnerable to Host Header Injection. The vulnerability is due to improper validation of the Host header in password reset requests, which allows an attacker to manipulate redirects to malicious domains and potentially perform session hijacking via cookie injection...
Backdrop CMS Host Header Injection vulnerability
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection...
CVE-2025-63828
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection...
EUVD-2019-0420
Malware in sbrugna...
EUVD-2020-29884
Malware in sbrugna...
EUVD-2018-3017
Malware in sbrugna...
EUVD-2001-0840
Malware in sbrugna...
EUVD-2006-3660
Malware in sbrugna...
EUVD-2024-17257
Malicious code in bioql PyPI...
EUVD-2023-46281
Malicious code in bioql PyPI...
EUVD-2025-13360
Malicious code in bioql PyPI...
EUVD-2025-28377
Malicious code in bioql PyPI...
CVE-2025-50891
The server-side backend for Adform Site Tracking before 2025-08-28 allows attackers to inject HTML or execute arbitrary code via cookie hijacking. NOTE: a customer does not need to take any action to update locally installed software such as Adform Site Tracking 1.1...
PT-2025-33850 · Adform · Adform Site Tracking
Name of the Vulnerable Software and Affected Versions: Adform Site Tracking version 1.1. Description: Adform Site Tracking version 1.1 is susceptible to HTML injection and arbitrary code execution through cookie hijacking. Recommendations: At the moment, there is no information about a newer versi...
CVE-2025-50891
CVE-2025-50891 affects Adform Site Tracking (backend) and specifically Adform Site Tracking version 1.1. It describes HTML injection and arbitrary code execution via cookie hijacking in the server-side backend, with CVSSv3.1 base score 7.2 (HIGH) and network attack vector with low attack complexi...