15 matches found
DRUPAL-CONTRIB-2026-040
This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup inside of content leading to an attacker being able to delete arbitrary cookies. This vulnerability is mitigated by the fact that an attacker needs ...
PT-2026-46080
This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup inside of content leading to an attacker being able to delete arbitrary cookies. This vulnerability is mitigated by the fact that an attacker needs ...
TacJS - Moderately critical - Improper Access Control - SA-CONTRIB-2026-040
This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup inside of content leading to an attacker being able to delete arbitrary cookies. This vulnerability is mitigated by the fact that an attacker needs ...
EUVD-2009-5040
Malware in sbrugna...
BIT-ENVOY-2025-55162 Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. Whe...
CVE-2025-55162 Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. Whe...
CVE-2025-55162 Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. Whe...
CVE-2025-55162 Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. Whe...
CVE-2025-55162
CVE-2025-55162 affects Envoy (OAuth2 filter). The issue is insufficient Session Expiration: when cookie names are __Secure- or __Host-, the filter fails to add the Secure attribute to the Set-Cookie header during deletion, causing cookies to persist and enabling session hijacking on shared machin...
Envoy code issue vulnerability
Envoy is an Enphase open source gateway program for connecting smart home devices. A code issue vulnerability exists in Envoy, which stems from the OAuth2 filter omitting the Secure attribute when deleting session cookies with the Secure-/Host- prefix, resulting in the browser rejecting the delet...
Piwigo 'ws_session_logout' function security bypass vulnerability
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time and more. A security vulnerability exists in the 'ws_session_logout' function in Piwigo 2.9.1 and earlier versions, which stems from...
ZaoCMS - 'download.php' Remote File Disclosure
ZaoCMS Remote File Disclosure Vulnerability. Founder: ThE g0bL!N. Home: http://www.zaocms.com/ Software: ZaoCMS. Note: The OperatIon Worked By Deleting Your Cookies From The...
Have JIRA delete cookie when user authentication fails
I would like to suggest that if JIRA loads the user details id and password from a cookie and attempts to authenticate and fails then JIRA should delete the cookie. The logic behind this is: We are using LDAP for authentication to Novell's NDS and if a user gets JIRA to remember their id and...
Have JIRA delete cookie when user authentication fails
I would like to suggest that if JIRA loads the user details id and password from a cookie and attempts to authenticate and fails then JIRA should delete the cookie. The logic behind this is: We are using LDAP for authentication to Novell's NDS and if a user gets JIRA to remember their id and...
OpenSSH allows arbitrary file deletion via symlink redirection of temporary file
Overview: Due to insecure handling of temporary files, some versions of sshd, an encrypted connection program, can delete any file named "cookies" accessible via the computer running sshd. Description: sshd is the server software used to support ssh, a popular encrypted connection program. Some...