Lucene search
K

18 matches found

CVE
CVE
added 2026/05/14 6:44 a.m.18 views

CVE-2026-6510

The CVE-2026-6510 entry describes a privilege-escalation flaw in the InfusedWoo Pro WordPress plugin. Affected component: iwar_save_recipe() AJAX handler; root cause: missing nonce verification and capability checks. Impact: unauthenticated attackers can craft a URL to pair an HTTP post trigger w...

9.8CVSS5.8AI score0.00439EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.6 views

CVE-2026-25072

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

9.8CVSS5.8AI score0.00495EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 12:0 a.m.4 views

CVE-2025-69602

A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from the same browser, allowing an attacker who c...

5.9AI score0.00348EPSS
Exploits1References1
CVE
CVE
added 2025/09/30 10:4 a.m.20 views

CVE-2025-8118

Technical details for CVE-2025-8118 are not publicly available in the provided documents; no affected product/version or fix is described here. Monitor for updates.

6.9CVSS6.4AI score0.00205EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/20 9:0 p.m.47 views

Cookies are sent to external images in rendered diff (and server side request forgery)

Impact The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that...

9CVSS6.7AI score0.0071EPSS
Exploits0References5Affected Software1
0day.today
0day.today
added 2023/04/05 12:0 a.m.220 views

bgERP v22.31 (Orlovets) - Cookie Session vulnerability / Cross-Site Scripting Vulnerabilities

Title: bgERP v22.31 Orlovets - Cookie Session vulnerability & Cross-Site Scripting XSS Author: nu11secur1ty Vendor: https://bgerp.com/Bg/Za-sistemata Software: https://github.com/bgerp/bgerp/releases/tag/v22.31 Reference:...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.232 views

bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)

Title: bgERP v22.31 Orlovets - Cookie Session vulnerability & Cross-Site Scripting XSS Author: nu11secur1ty Date: 01.31.2023 Vendor: https://bgerp.com/Bg/Za-sistemata Software: https://github.com/bgerp/bgerp/releases/tag/v22.31 Reference:...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2022/03/24 1:27 p.m.30 views

23-Year-Old Russian Hacker Wanted by FBI for Running Marketplace of Stolen Logins

A 23-year-old Russian national has been indicted in the U.S. and added to the Federal Bureau of Investigation's FBI Cyber Most Wanted List for his alleged role as the administrator of Marketplace A, a cyber crime forum that sold stolen login credentials, personal information, and credit card data...

0.6AI score
Exploits0
Hacker One
Hacker One
added 2021/01/15 8:51 p.m.23 views

Valve: Big Picture web browser leaks login cookies and discloses sensitive information (may lead to account takeover)

Researcher reported an issue where certain secure cookies would be included in a web request initiated through Steam Big Picture mode that was initially to a trusted origin but subsequently forwarded to a site on a different origin...

1.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/05/19 4:2 p.m.4 views

Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication. SafetyDetective researcher Anurag Sen last month discovered two...

5.8AI score
Exploits0
OSV
OSV
added 2019/02/04 7:29 p.m.6 views

UBUNTU-CVE-2019-7350

Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies between 3 and 5 is being generated when a user successfully logs in, and these...

7.3CVSS7.3AI score0.00987EPSS
Exploits1References3
OSV
OSV
added 2017/12/18 6:29 a.m.4 views

CVE-2017-17735

CMS Made Simple CMSMS before 2.2.5 does not properly cache login information in cookies...

9.8CVSS5.8AI score0.01086EPSS
Exploits0References2
CNVD
CNVD
added 2017/06/26 12:0 a.m.2 views

PHPMailer Cross-Site Scripting Vulnerability

PHPMailer is a package of PHP functions for sending e-mail . A cross-site scripting vulnerability exists in PHPMailer. An attacker can exploit this vulnerability to obtain user login cookie information...

6.2AI score
Exploits0References1
0day.today
0day.today
added 2015/12/03 12:0 a.m.27 views

CompuIT CMS - Cross Site Scripting Vulnerability

Exploit for php platform in category web applications - Title : CompuIT CMS - Cross Site Scripting Vulnerability - Author : ZwX - Date : 01/12/2015 - Vendor : http://www.compuitgh.com - Tested On : Windows 7 =============================== Description Vulnerability : =============================...

7.1AI score
Exploits0
0day.today
0day.today
added 2015/10/11 12:0 a.m.21 views

Amiro CMS 5.14 - XSS (Reflected) Vulnerability

Exploit for php platform in category web applications Title : Amiro CMS 5.14 - XSS Reflected Vulnerability Date : 14/01/2015 Author : ZwX Demo Link : http://dart.amirocms.com/ Vendor : http://www.amirocms.com/ Tested on : Windows 7 Description It is possible to redirect to a malicious site admin ...

7.1AI score
Exploits0
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.32 views

Native DOM methods can be hijacked across domains — Mozilla

A malicious page can hijack native DOM methods on a document object in another domain, which will run the attacker's script when called by the victim page. This could be used to steal login cookies, password, or other sensitive data on the target page, or to perform actions on behalf of a logged-...

5.8CVSS5.7AI score0.02316EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.34 views

XSS viewing javascript: frames or images from context menu — Mozilla

Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose "View Image" from the context menu then he could get javascript to run on a site of the attacker's choosing by making the image src attribute a javascript: URL and loading the target...

4.3CVSS1.8AI score0.01548EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.18 views

Standalone applications can run arbitrary code through the browser — Mozilla

Several media players, for example Flash and QuickTime, support scripted content with the ability to open URLs in the default browser. The default behavior for Firefox was to replace the currently open browser window's content with the externally opened content. If the external URL was a...

7AI score
Exploits0References1Affected Software1
Rows per page
Query Builder