18 matches found
EUVD-2026-23176
Eaton Intelligent Power Protector IPP uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on t...
CVE-2026-22617
Eaton Intelligent Power Protector IPP uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on t...
cipher-xbow-benchmark
Cipher XBOW Benchmark Results Black-box assessment results fr...
CVE-2025-66457
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled, e.g. there is an existing cookie schema, the cookie...
Arbitrary Code Injection
Overview: elysia is an Ergonomic Framework for Human. Affected versions of this package are vulnerable to Arbitrary Code Injection via the cookie config. An attacker can execute arbitrary code by injecting malicious input into the configuration when dynamic cookies are enabled and the cookie schema...
CVE-2025-66457
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled, e.g. there is an existing cookie schema, the cookie...
CVE-2025-66457
CVE-2025-66457 affects Elysia (TypeScript framework). Vulnerability: when dynamic cookies are enabled and a cookie schema exists, the cookie config can be injected into compiled routes without sanitisation, enabling Arbitrary Code Injection. Root cause: unsanitized dynamic cookie configuration in...
CVE-2025-66457 Elysia affected by arbitrary code injection through cookie config
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled, e.g. there is an existing cookie schema, the cookie...
CVE-2025-66457 Elysia affected by arbitrary code injection through cookie config
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled, e.g. there is an existing cookie schema, the cookie...
Elysia affected by arbitrary code injection through cookie config
Arbitrary code execution from cookie config. If dynamic cookies are enabled, i.e. there exists a schema for cookies, the cookie config is injected into the compiled route without first being sanitised. Availability of this exploit is generally low, as it requires write access to either the Elysia...
GHSA-8VCH-M3F4-Q8JF Elysia affected by arbitrary code injection through cookie config
Arbitrary code execution from cookie config. If dynamic cookies are enabled, i.e. there exists a schema for cookies, the cookie config is injected into the compiled route without first being sanitised. Availability of this exploit is generally low, as it requires write access to either the Elysia...
EUVD-2025-202179
Elysia affected by arbitrary code injection through cookie config...
EUVD-2025-8015
Malicious code in bioql PyPI...
CVE-2019-17104
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set...
PT-2023-22224 · Ibm · Ibm Sterling Connect:Express For Unix
Name of the Vulnerable Software and Affected Versions: IBM Sterling Connect:Express for UNIX version 1.5 Description: The issue is related to the use of cookies without the SameSite attribute in the browser UI, making it vulnerable to certain attacks. Recommendations: For IBM Sterling...
GHSA-J224-7QR4-8646 Centreon Does Not Set HTTPOnly Flag
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set...
CVE-2019-17104
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set...
Insecure Cookie Configuration
Apache Guacamole uses an insecure cookie configuration. The secure flag is not configured on session tokens, which would allow an attacker to obtain the session tokens in clear text...