52 matches found
EUVD-2026-19820
Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization...
Not Failing Securely ('Failing Open')
Overview rack-session is a session implementation for Rack. Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the Rack::Session::Cookie function when it is configured with the secrets: option. An attacker can gain unauthorized access or escalate privileges...
CVE-2026-39324
Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...
Directory Traversal
Overview @react-router/node is a Node.js platform abstractions for React Router Affected versions of this package are vulnerable to Directory Traversal via the createFileSessionStorage function. An attacker can access or modify files outside the intended session file directory by crafting a...
CVE-2025-63206
An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser...
CVE-2025-63206
An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser...
CVE-2025-63206
An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser...
CVE-2025-63206
An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser...
PT-2025-47493
Name of the Vulnerable Software and Affected Versions Dasan Switch DS2924 versions 1.01.18 and 1.02.00 Description An authentication bypass exists in the web based interface of Dasan Switch DS2924. Successful exploitation allows attackers to gain escalated privileges by storing specially crafted...
Lucee < 6.0.1.59 Remote Code Execution
Lucee versions prior to 6.0.1.59 are vulnerable to Remote Code Execution RCE via crafted cookies. An attacker can exploit this vulnerability by sending a specially crafted cookie to the server, which can lead to arbitrary code execution on the server hosting the Lucee application. No source data...
CVE-2024-33507
An insufficient session expiration vulnerability CWE-613 and an incorrect authorization vulnerability CWE-863 in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logg...
CVE-2024-33507
CVE-2024-33507 affects FortiIsolator: multiple releases are vulnerable due to an insufficient session expiration (CWE-613) and an incorrect authorization flaw (CWE-863). A remote unauthenticated attacker can deauthenticate logged-in administrators by sending a crafted cookie, and a remote authent...
CVE-2024-33507
An insufficient session expiration vulnerability CWE-613 and an incorrect authorization vulnerability CWE-863 in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logg...
EUVD-2021-18701
Malware in sbrugna...
EUVD-2014-2168
Malware in sbrugna...
CVE-2025-11021
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in...
python-tornado: Tornado has HTTP cookie parsing DoS vulnerability
A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to Quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...
python-tornado: Tornado has HTTP cookie parsing DoS vulnerability
A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to Quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...
python-tornado: Tornado has HTTP cookie parsing DoS vulnerability
A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to Quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...
CVE-2024-7261
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70ABVT.4 and earlier, WAC500 firmware version 6.70ABVS.4 and earlier, WAX655E firmware version 7.00ACDO.1 and earlier, WBE530 firmware version 7.00ACLE.1 and earlier,...