Service Finder Bookings - Authentication Bypass

Service Finder Bookings WordPress plugin = 6.0 contains a privilege escalation caused by improper validation of user cookie in servicefinderswitchback function, letting unauthenticated attackers login as any user including admins. id: CVE-2025-5947 info: name: Service Finder Bookings -...

CVE-2025-67446

Improper Authentication Authentication Bypass exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value e.g., setting it to "admin", an attacker can bypass the authentication schema and gain...

PT-2026-29142

Name of the Vulnerable Software and Affected Versions WordPress Debugger & Troubleshooter plugin versions through 1.3.2 Description The Debugger & Troubleshooter plugin for WordPress was susceptible to Unauthenticated Privilege Escalation. The plugin accepted the wp debug troubleshoot simulate us...

NewStart CGSL MAIN 6.06 (SP) : dbus Multiple Vulnerabilities (NS-SA-2026-0004)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has dbus packages installed that are affected by multiple vulnerabilities: - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, use...

MiracleLinux 8 : ruby:2.6 (AXSA:2022-3073:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3073:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

CVE-2018-19224

An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies...

TencentOS Server 3: dbus (TSSA-2022:0097)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0097 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

EUVD-2013-2445

Malware in sbrugna...

EUVD-2018-10933

Malware in sbrugna...

EUVD-2019-4335

Malware in sbrugna...

NewStart CGSL MAIN 6.06 : dbus Multiple Vulnerabilities (NS-SA-2025-0231)

The remote NewStart CGSL host, running version MAIN 6.06, has dbus packages installed that are affected by multiple vulnerabilities: - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses o...

CVE-2010-1507

WebYaST in yast2-webclient in SUSE Linux Enterprise SLE 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key...

Cookie Poisoning

Quarkus-HTTP is vulnerable to Cookie Poisoning. The vulnerability is due to improper parsing of cookies with specific value-delimiting characters, allowing attackers to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values...

CVE-2023-4639

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

undertow: Cookie Smuggling/Spoofing

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

undertow: Cookie Smuggling/Spoofing

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

undertow: Cookie Smuggling/Spoofing

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

undertow: Cookie Smuggling/Spoofing

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

SUSE CVE-2010-1507

WebYaST in yast2-webclient in SUSE Linux Enterprise SLE 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key...

SUSE CVE-2014-3613

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1...