Lucene search
K

4 matches found

OSV
OSV
added 2026/06/23 12:59 p.m.5 views

JLSEC-2026-615 Cookie jar accepts Secure/__Host-/__Secure- cookies from non-secure origins in HTTP.jl

Description setcookies! stored every parsed Set-Cookie after only checking that the response scheme was http or https, with no protection symmetric to the read path shouldsend, which already withholds Secure cookies from non-secure requests. A plaintext http origin could therefore plant a Secure...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/20 12:0 a.m.3 views

PT-2023-21170 · Npm · @Fastify/Csrf-Protection

Name of the Vulnerable Software and Affected Versions: @fastify/csrf-protection versions prior to 4.1.0 @fastify/csrf-protection versions prior to 6.3.0 Description: The CSRF protection mechanism in the @fastify/csrf-protection library can be bypassed by network and same-site attackers under...

6.5CVSS6.2AI score0.00829EPSS
Exploits0References12
OSV
OSV
added 2019/02/04 7:29 p.m.2 views

DEBIAN-CVE-2019-7350

Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies between 3 and 5 is being generated when a user successfully logs in, and these...

7.3CVSS6.9AI score0.00987EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/20 12:0 a.m.1 views

Multiple Vulnerabilities in SecGate 3600-A1500

SecGate3600-A1500 is a security gateway product of NetShen Information Technology Beijing Co. SecGate3600-A1500 suffers from COOKIE fixation and login bypass vulnerabilities, which can be exploited by attackers to obtain sensitive information...

6.7AI score
Exploits0
Rows per page
Query Builder