18 matches found
CVE-2026-6873
CVE-2026-6873 affects Django 6.0 before 6.0.6 and 5.2 before 5.2.15. The issue is a non-injective salt derivation in django.http.HttpRequest.get_signed_cookie that concatenates the cookie name and salt argument, enabling a remote attacker to use a signed cookie in a context different from where i...
UBUNTU-CVE-2026-6873
Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie...
Use of Hard-coded Cryptographic Key
Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...
EUVD-2018-7552
Malware in sbrugna...
EUVD-2009-4972
Malware in sbrugna...
CVE-2020-9449
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...
CVE-2009-5014
The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...
PT-2023-12620 · Sympa +1
Name of the Vulnerable Software and Affected Versions: Sympa versions prior to 6.2.62 Description: The issue relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a sa...
CVE-2020-9449
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...
CVE-2020-9449
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...
CVE-2020-9449
CVE-2020-9449 affects BlaB! AX/AX Pro and BlaB! WS clients (version 19.11) due to insecure RNG. An attacker with a guest or user session cookie can retrieve the cookie salt value and craft a valid session cookie to escalate privileges to other users or admin. Root cause: weak/random generation in...
CVE-2020-9449
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...
Raritan PowerIQ 4.1 / 4.2 / 4.3 Code Execution
Raritan PowerIQ versions 4.1, 4.2, and 4.3 ship with a Rails 2 web interface with a hardcoded session secret of 8e238c9702412d475a4c44b7726a0537. This can be used to achieve unauthenticated remote code execution as the nginx user on vulnerable systems. msf exploitrailssecretdeserialization show...
CVE-2009-5014
The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...
Authorization
The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...
CVE-2009-5014
The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...
CVE-2009-5014
The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...
CVE-2009-5014
Removed by vendor...