121 matches found

Positive Technologies
added 2026/06/04 12:0 a.m., 14 views

PT-2026-46263

Name of the Vulnerable Software and Affected Versions: Neterbit NW-431F Router versions prior to 20241014-IR03. Description: Improper Authentication allows for an authentication bypass due to the use of weak and predictable cookie values. An attacker can gain unauthorized access to administrative...

9.8 CVSS, 5.5 AI score, 0.00454 EPSS
Exploits 0, References 4
GithubExploit
added 2026/05/01 3:37 p.m., 87 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940: cPanel/WHM Authentication Bypass Analysis...

9.8 CVSS, 5.8 AI score, 0.981 EPSS
Exploits 63
CVE
added 2026/04/08 9:20 p.m., 12 views

CVE-2026-5901

CVE-2026-5901 concerns insufficient policy enforcement in Chrome/Chromium DevTools, enabling a user-assisted attacker who installs a malicious extension to bypass enterprise host restrictions for cookie modification. The issue affects Chrome/Chromium builds prior to version 147.0.7727.55, with ad...

6.5 CVSS, 5.9 AI score, 0.00139 EPSS
Exploits 0, References 2, Affected Software 1
NVD
added 2026/04/08 3:16 p.m., 4 views

CVE-2026-39410

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to th...

4.8 CVSS, 0.00284 EPSS
Exploits 0, References 3
Cvelist
added 2026/04/08 2:44 p.m., 18 views

CVE-2026-39410 Hono has a non-breaking space prefix bypass in cookie name handling in getCookie()

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to th...

4.8 CVSS, 0.00284 EPSS
Exploits 0, References 3
CVE
added 2026/04/08 2:44 p.m., 17 views

CVE-2026-39410

Hono CVE-2026-39410 involves a cookie handling flaw in getCookie() where a mismatch between browser cookie parsing and JavaScript parse() trim() causes cookies with a non-breaking-space prefix (U+00A0) to shadow or override legitimate cookies. This can bypass __Secure- and __Host- prefix protecti...

4.8 CVSS, 5.9 AI score, 0.00284 EPSS
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2026/02/12 12:0 a.m., 4 views

PT-2026-7893

Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2025.10.4; authentik versions prior to 2025.12.4. Description: authentik is an open-source identity provider. A malformed cookie could bypass authentication when using forward authentication with the authentik Proxy...

8.6 CVSS, 5.4 AI score, 0.00479 EPSS
Exploits 0, References 12
Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 9 : php:8.1 (AXSA:2024-9437:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9437:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756); php: password_verify can erroneously return true, opening ATO risk...

7.5 CVSS, 7.8 AI score, 0.49336 EPSS
Exploits 7, References 7
Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 9 : firefox-91.9.0-1.el9.ML.1 (AXSA:2022-3990:29)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3990:29 advisory. Mozilla: Bypassing permission prompt in nested browsing contexts (CVE-2022-29909); Mozilla: iframe Sandbox bypass (CVE-2022-29911); Mozilla: Fullscreen...

9.8 CVSS, 5.7 AI score, 0.01005 EPSS
Exploits 3, References 7
Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 9 : php:8.2 (AXSA:2024-9503:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9503:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756); php: password_verify can erroneously return true, opening ATO risk...

7.5 CVSS, 7.8 AI score, 0.49336 EPSS
Exploits 7, References 7
Tenable Nessus
added 2026/01/20 12:0 a.m., 7 views

MiracleLinux 8 : php:8.2 (AXSA:2024-9505:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9505:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756); php: password_verify can erroneously return true, opening ATO risk...

7.5 CVSS, 7.8 AI score, 0.49336 EPSS
Exploits 7, References 7
RedHat Linux
added 2025/11/18 5:54 a.m., 3 views

libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior,...

3.7 CVSS, 5.9 AI score, 0.00538 EPSS
Exploits 0, References 5
CNNVD
added 2025/10/13 12:0 a.m., 3 views

WordPress plugin WP Private Content Plus security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

6.5 CVSS, 6.6 AI score, 0.00271 EPSS
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2015-3108

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.01299 EPSS
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2008-4701

Malware in sbrugna...

7.5 CVSS, 6.4 AI score, 0.02773 EPSS
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-8972

Malware in sbrugna...

8.8 CVSS, 8.8 AI score, 0.01658 EPSS
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-3583

Malware in sbrugna...

5 CVSS, 7.3 AI score, 0.04876 EPSS
Exploits 0, References 14
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-24632

Malicious code in bioql PyPI...

6.5 CVSS, 6.6 AI score, 0.05765 EPSS
Exploits 0, References 4
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-31320

Malicious code in bioql PyPI...

5.3 CVSS, 5.6 AI score, 0.009 EPSS
Exploits 3, References 3
Tenable Nessus
added 2025/08/25 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2015-2156

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow...

7.5 CVSS, 7.5 AI score, 0.05434 EPSS
Exploits 0, References 2