Lucene search

9 matches found

NVD
added 2026/02/24 4:24 p.m., 1 view

CVE-2026-27520

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can...

CVSS 8.7, EPSS 0.00019
Exploits: 0, References: 2
CVE
added 2026/02/24 3:7 p.m., 7 views

CVE-2026-27520

Binardat 10G08-0800GSM network switch firmware versions before V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Since Base64 is reversible, an attacker with cookie access can recover the plaintext password. Affected product/v...

CVSS 8.7, AI score 5.3, EPSS 0.00019
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2025/10/13 12:31 p.m., 1 view

EUVD-2025-34063

The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password...

AI score 6.6, EPSS 0.00176
Exploits: 0, References: 2
NVD
added 2025/10/13 10:15 a.m., 2 views

CVE-2025-10720

The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password...

CVSS 6.5, EPSS 0.00176
Exploits: 0, References: 1
CVE
added 2025/10/13 9:37 a.m., 3 views

CVE-2025-10720

CVE-2025-10720 stems from WP Private Content Plus (through version 3.6.2) relying on a client-side cookie for access control, allowing unauthenticated attackers to bypass password protection by manually setting the cookie. Multiple sources (NVD/NVD-enriched, Red Hat, CNNVD, EUVD, CIRCL sightings,...

CVSS 6.5, AI score 6.7, EPSS 0.00176
Exploits: 0, References: 1
Cvelist
added 2025/10/13 9:37 a.m., 7 views

CVE-2025-10720 WP Private Content Plus <= 3.6.2 - Password Protection Bypass

The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password...

EPSS 0.00176
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 5:13 p.m., 7 views

CVE-2020-8434

Jenzabar JICS aka Internet Campus Solution before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode ...

CVSS 9.8, AI score 7.1, EPSS 0.00277
Exploits: 0, References: 1
CNNVD
added 2022/02/09 12:0 a.m., 2 views

Gitea security vulnerability

Gitea is a lightweight Go-based git service developed by the Gitea community. Gitea suffers from a security vulnerability that stems from a Gitea client-side cookie from 1.15.7 not being deleted and the session remaining valid on the server side for reuse. An attacker can exploit this vulnerabili...

CVSS 9.8, AI score 7.3, EPSS 0.01609
Exploits: 0, References: 2
OSV
added 2020/05/19 1:15 p.m., 0 views

CVE-2020-8434

Jenzabar JICS aka Internet Campus Solution before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode ...

CVSS 9.8, AI score 7.3
Exploits: 0, References: 1