20 matches found
[SECURITY] Fedora 43 Update: haproxy-3.0.23-2.fc43
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
GHSA-453R-G2PG-CXXQ Local Incus UI web server vulnerable to authentication bypass
Summary The web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. Details incus webui runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token...
DEBIAN-CVE-2026-33898
Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...
CVE-2026-33898
Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...
EUVD-2018-15896
Malware in sbrugna...
CVE-2025-54592 FreshRSS has Incomplete Session Termination on Logout
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the session cookie remains active and unchanged. The unchanged cookie could be reused by an attacker if a new session were to be started. This...
CVE-2025-24896 Misskey allows token to remain valid in cookie after signing out
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named token is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed. The primary...
Advantech ADAM-5630 Security Vulnerability
Advantech ADAM-5630 is an edge intelligent data acquisition controller from Advantech, China. The Advantech ADAM-5630 suffers from an Access Control Error vulnerability that originates from an authenticated user's cookie being retained as a valid cookie even after the session is closed. An attack...
PT-2024-13276 · IBM · Sametime
Name of the Vulnerable Software and Affected Versions: Sametime affected versions not specified Description: The issue is related to a failure to invalidate sessions in Sametime. Sensitive cookie values are set in a persistent manner in Sametime Web clients, allowing these values to remain valid...
How to Verify Load Balancing Cookie Insert Persistence on NetScaler
...
GHSA-Q4CQ-R7HG-PXQQ Improper Authentication in Jenkins
An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled...
CVE-2021-41268 Cookie persistence in Symfony
Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie in version 5.3.0, the cookie is not invalidated when the user changes their password. Attackers can therefor...
CVE-2021-41268: Remember me cookie persistence after password changes
More info at https://symfony.com/cve-2021-41268...
Mail.ru: XSS (reflected, and then, cookie persisted) on api documentation site theme selector (old version of dokuwiki)
Reflected XSS on apidocs.ucs.ru via GET parameter bootswatch-theme...
CVE-2019-20849
Mattermost Mobile Apps prior to version 1.26.0 have a cookie-clearing issue: cookie data can persist on the device after logout. Root cause indicated across sources is failure to clear cookies on logout, enabling possible exposure of prior session data. Impact aligns with partial confidentiality ...
CVE-2018-4110
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence...
Design/Logic Flaw
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence...
CVE-2018-4110
CVE-2018-4110 affects iOS Web App in Apple devices prior to iOS 11.3. The vulnerability allows a remote attacker to bypass cookie persistence restrictions in the Web App component, leading to cookies potentially persisting contrary to intended limits. The CVE entry credits Ben Compton and Jason C...
CVE-2018-4110
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence...
F5 BIG-IP Cookie Persistence (HTTP) - Active Check
The remote load balancer suffers from an information disclosure vulnerability. SPDX-FileCopyrightText: 2005 Shavlik Technologies, LLC Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...