13 matches found

RedhatCVE
added 2025/10/14 9:46 a.m. | 1 view

CVE-2025-10720

The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password...

6.5 CVSS | 7.1 AI score | 0.00176 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/13 9:37 a.m. | 1 view

CVE-2025-10720 WP Private Content Plus <= 3.6.2 - Password Protection Bypass

The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password...

6.7 AI score | 0.00176 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/13 12:0 a.m. | 2 views

PT-2025-41778

Name of the Vulnerable Software and Affected Versions: WP Private Content Plus versions through 3.6.2. Description: The software includes a content protection feature requiring a password, but the access control check relies solely on a client-side cookie. An unauthenticated attacker can bypass the...

6.9 AI score | 0.00176 EPSS
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-1126

Malicious code in bioql PyPI...

9.8 CVSS | 7.2 AI score | 0.01609 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2025/10/01 10:11 a.m. | 5 views

CVE-2025-8118

PAD CMS implements weak client-side brute-force protection by utilizing two cookies: logincount and logintimeout. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting those cookies. This issue...

6.9 CVSS | 6.7 AI score | 0.0004 EPSS
Exploits: 0 | References: 1
NVD
added 2025/09/30 11:37 a.m. | 2 views

CVE-2025-8118

PAD CMS implements weak client-side brute-force protection by utilizing two cookies: logincount and logintimeout. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting those cookies. This issue...

6.9 CVSS | 0.0004 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/30 12:0 a.m. | 2 views

PT-2025-39967

Name of the Vulnerable Software and Affected Versions: PAD CMS, affected versions not specified. Description: The software utilizes weak client-side brute-force protection relying on cookies, specifically login count and login timeout. The attempt count and timeout information are not stored...

10 CVSS | 6.4 AI score | 0.00951 EPSS
Exploits: 0 | References: 3
OpenVAS
added 2025/06/16 12:0 a.m. | 6 views

FlatPress <= 1.3.1 Information Disclosure Vulnerability

FlatPress is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...

8.1 CVSS | 6.3 AI score | 0.01877 EPSS
Exploits: 0 | References: 1
SUSE CVE
added 2023/02/15 4:10 a.m. | 1 view

SUSE CVE-2019-14241

HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c...

7.5 CVSS | 7.8 AI score | 0.37036 EPSS
Exploits: 1 | References: 7
Github Security Blog
added 2022/02/10 12:0 a.m. | 21 views

Improper Privilege Management in Gitea

An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse...

9.8 CVSS | 3.6 AI score | 0.01609 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
GitLab Advisory Database
added 2022/02/10 12:0 a.m. | 16 views

Incomplete Cleanup

An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse...

9.8 CVSS | 2.8 AI score | 0.01609 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
AlpineLinux
added 2022/02/09 6:15 p.m. | 48 views

CVE-2021-45330

An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse...

9.8 CVSS | 3.1 AI score | 0.01609 EPSS
Exploits: 0
Cvelist
added 2022/02/09 5:16 p.m. | 15 views

CVE-2021-45330

An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse...

9.8 AI score | 0.01609 EPSS
Exploits: 0 | References: 1