10 matches found
CVE-2026-42365
A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypass. An attacker can bruteforce session cookies to trigger this vulnerability...
EUVD-2016-10154
Malware in sbrugna...
EUVD-2023-12886
Malicious code in bioql PyPI...
CVE-2025-48461
CVE-2025-48461 involves weak, predictable session cookies that enable an unauthenticated attacker to perform brute‑force guessing and account takeover, potentially gaining root/admin/user access and resetting passwords. Connected sources reference affected Advantech industrial controllers (WISE-4...
GHSA-9358-CPVX-C2QP Magento LTS's guest order "protect code" can be brute-forced too easily
Impact Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protectcode". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. Patch...
Sielco PolyEco Digital FM Transmitter 2.0.6 Cookie Brute Force
Sielco PolyEco Digital FM Transmitter 2.0.6 'polyeco' Session Hijacking Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3 FPGA:10.19 PolyEco500 CPU:1.7.0 FPGA:10.16 PolyEco300...
Sielco PolyEco1000 Authorization Issue Vulnerability
Sielco PolyEco1000 is an environmental monitoring and control system from Sielco designed to monitor and control data on water quality, meteorology, gas concentrations, energy management and environmental parameters. A security vulnerability exists in Sielco PolyEco1000 that stems from the...
CVE-2021-44151
An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cooki...
Arteco Web Client DVR/NVR Session Hijacking Vulnerability
The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream. !/usr/bin/env python3 Arteco Web Client DVR/NVR 'SessionId' Cookie Brute...
Moxa MiiNePort Session Hijacking Vulnerability
Moxa MiiNePort is an embedded device networking module from Moxa designed for manufacturers to connect serial devices to a network connection. A security vulnerability exists in Moxa MiiNePort. An attacker could use this vulnerability to brute-force decode session cookies and download configurati...