5 matches found
CVE-2025-63666
Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...
EUVD-2023-58398
Malicious code in bioql PyPI...
The vulnerability of the microprogrammed logic controller (PLC) Advantech ADAM-5630 software, related to the ability to send a cookie session file, allows an intruder to gain unauthorized access to protected information and enhance their privileges.
The vulnerability of the microprogrammed logic controller PLC Advantech ADAM-5630 software is related to the ability to send a cookie session file. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information and enhance their privileges...
bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)
Title: bgERP v22.31 Orlovets - Cookie Session vulnerability & Cross-Site Scripting XSS Author: nu11secur1ty Date: 01.31.2023 Vendor: https://bgerp.com/Bg/Za-sistemata Software: https://github.com/bgerp/bgerp/releases/tag/v22.31 Reference:...
Senayan Library Management System 9.2.2 SQL Injection Vulnerability
Title: Senayan Library Management System v9.2.2 a.k.a SLIMS 9 Multiple SQLi-Not sanitizing correctly cookie session. Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.2 Reference:...