CVE-2026-46550

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it t...

CVE-2026-46550

NocoDB’s CVE-2026-46550 concerns the refresh-token cookie being set with httpOnly but without Secure and SameSite attributes prior to 2026.04.1. The root cause is in setTokenCookie(), which emitted a cookie with only httpOnly (and possibly domain), leaving it vulnerable to interception over HTTP ...

CVE-2026-46550 NocoDB: Refresh Token Cookie Set Without `Secure` and `SameSite` Flags

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it t...

GHSA-542P-WVX7-72M4 Litestar has HTML Injection Through its CSRF Token

Overview Litestar instances which use a template engine in conjunction with CSRF protection are vulnerable to HTML Injection which can be escalated to Cross Site Scripting due to the contents of the CSRF cookie being excluded from automatic escaping by the template engine when configured inline...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized string concatenation in the authglinet middleware when the application is started in GLiNET mode. An attacker can gain full administrative access by supplying a crafted path traversal sequence in the...

CVE-2026-41448 AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

AdGuardHome 路径遍历漏洞

AdGuardHome is a DNS blocking service developed by the AdguardTeam. It prevents advertisements and trackers from reaching users across the network. AdGuardHome has a path traversal vulnerability, which stems from authentication bypass. This vulnerability allows unauthenticated attackers to obtain...

CVE-2026-46398

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...

CVE-2026-46398

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...

CVE-2026-46398 HAX CMS Missing Secure Flag on Cookie

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...

EUVD-2026-34893

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...

CVE-2026-46398

HAX CMS vulnerability: the haxcms_refresh_token cookie is set without the Secure flag in versions 25.0.0 through

HAXCMS 安全漏洞

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS from 25.0.0 to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the haxcmsrefreshtoken cookie did not have the Secure flag set. This allowed the token to be...

EUVD-2019-20165

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...

CVE-2019-25729 PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...

Simcy Creative PDF Signer 跨站请求伪造漏洞

Simcy Creative PDF Signer is a PDF document signing and editing software developed by Simcy Creative. Version 3.0 of Simcy Creative PDF Signer contains a cross-site request forgeing vulnerability. This vulnerability stems from injecting PHP commands through the CSRF-TOKEN cookie parameter, allowi...

CVE-2026-10107 MoviePilot v2 SSRF via /api/v1/system/img/{proxy} Endpoint

MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resourcetoken cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal network protection...

EUVD-2026-33364

MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resourcetoken cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal network protection...

NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags

Summary The refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it to cross-site POSTs, enabling CSRF against the token-refresh endpoint...

PT-2026-42676

Name of the Vulnerable Software and Affected Versions NocoDB affected versions not specified Description The refresh-token cookie is configured with httpOnly: true but lacks the secure flag and the sameSite attribute. The absence of the secure flag allows the cookie to be intercepted over plain...