
51 matches found

RedhatCVE
added 21 hours ago · 5 views

CVE-2025-67446

Improper Authentication Authentication Bypass exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value e.g., setting it to "admin", an attacker can bypass the authentication schema and gain...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1
Snyk
added 2026/05/28 6:24 p.m. · 6 views

HTTP Response Splitting

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to HTTP Response Splitting via the serialize function. An attacker can inject arbitrary attributes into the Set-Cookie response header by supplying crafted input to the sameSite or priority...

5.3 CVSS · 5.9 AI score · 0.00125 EPSS
Exploits 0 · References 2
Vulnrichment
added 2026/04/15 7:45 a.m. · 0 views

CVE-2026-5617 Login as User <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation via 'oclaup_original_admin' Cookie

The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handlereturntoadmin function trusting a client-controlled cookie 'oclaup_original_admin' to determine which user to authenticate as, without any server-side...

8.8 CVSS · 5.8 AI score · 0.00054 EPSS
Exploits 0 · References 5
Positive Technologies
added 2026/04/13 12:00 a.m. · 1 views

PT-2026-32497

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the original username cookie. Attackers can set the client-controlled original username cookie to any value and request a...

7.1 CVSS · 5.8 AI score · 0.00084 EPSS
Exploits 1 · References 6
Vulnrichment
added 2026/01/13 10:51 p.m. · 2 views

CVE-2022-50926 WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation

WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication...

9.8 CVSS · 6.7 AI score · 0.00141 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-2591

Malware in sbrugna...

8.8 CVSS · 8.8 AI score · 0.00357 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2024-50252

Malicious code in bioql PyPI...

8.8 CVSS · 6.6 AI score · 0.01164 EPSS
Exploits 0 · References 2
OSV
added 2025/06/02 4:15 p.m. · 1 views

CVE-2024-40112

A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information...

5.9 CVSS · 5.8 AI score · 0.00099 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/03/22 12:50 p.m. · 8 views

CVE-2024-13060

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...

4.3 CVSS · 6.6 AI score · 0.00194 EPSS
Exploits 1 · References 1
CNNVD
added 2025/02/20 12:00 a.m. · 0 views

IBM OpenPages with Watson Cross-Site Request Forgery Vulnerability

IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines (IBM). The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...

8.8 CVSS · 6.7 AI score · 0.00053 EPSS
Exploits 0 · References 2
OSV
added 2024/10/15 4:15 a.m. · 0 views

CVE-2024-9970

The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie...

8.8 CVSS · 5.8 AI score · 0.01164 EPSS
Exploits 0 · References 2
CVE
added 2024/10/15 3:36 a.m. · 41 views

CVE-2024-9970

CVE-2024-9970 concerns NewType’s FlowMaster BPM Plus, where a privilege-escalation flaw allows an attacker with regular privileges to tamper with a specific cookie to gain administrator rights. The CVSS-3.1 metrics indicate Network access, Low attack complexity, Privileges Required: Low, with Hig...

8.8 CVSS · 9 AI score · 0.01164 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/10/15 3:36 a.m. · 12 views

CVE-2024-9970 NewType FlowMaster BPM Plus - Privilege Escalation

The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie...

8.8 CVSS · 7.2 AI score · 0.01164 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/10/14 12:00 a.m. · 1 views

PT-2024-39968 · Newtype · Flowmaster Bpm Plus

Name of the Vulnerable Software and Affected Versions: FlowMaster BPM Plus (affected versions not specified). Description: The FlowMaster BPM Plus system from NewType has a privilege escalation issue. Remote attackers with regular privileges can elevate their privileges to administrator by tampering...

8.8 CVSS · 7.3 AI score · 0.01164 EPSS
Exploits 0 · References 10
CNNVD
added 2024/04/18 12:00 a.m. · 1 views

Electrolink FM/DAB/TV Transmitter Security Vulnerability

The Electrolink FM/DAB/TV Transmitter is a series of transmitters from Electrolink. A security vulnerability exists in the Electrolink FM/DAB/TV Transmitter that stems from the presence of an elevation of privilege vulnerability, which could lead to an attacker manipulating or tampering with...

8.8 CVSS · 6.8 AI score · 0.00142 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/04/16 12:00 a.m. · 1 views

PT-2024-19105 · Electrolink · Electrolink Fm/Dab/Tv Transmitter

Name of the Vulnerable Software and Affected Versions: Electrolink FM/DAB/TV Transmitter (affected versions not specified). Description: The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages, allowing more critical operations to the...

8.7 CVSS · 7.3 AI score · 0.00039 EPSS
Exploits 1 · References 5
Positive Technologies
added 2024/04/08 12:00 a.m. · 3 views

PT-2024-21355 · Unknown · Recrystallize Server

Name of the Vulnerable Software and Affected Versions: ReCrystallize Server version 5.10.0.0. Description: The issue concerns an authorization mechanism that relies on the value of a cookie but does not bind this value to a session ID. This allows attackers to easily modify the cookie value within...

7.5 CVSS · 7.3 AI score · 0.67864 EPSS
Exploits 0 · References 8
RedHat Linux
added 2024/02/13 4:55 p.m. · 2 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3 CVSS · 7.1 AI score · 0.00403 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/02/13 4:55 p.m. · 1 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3 CVSS · 7.1 AI score · 0.00403 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/02/13 2:45 p.m. · 1 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3 CVSS · 7.1 AI score · 0.00403 EPSS
Exploits 0 · References 5