Insertion of Sensitive Information into Log File
Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File. http_error_log. An attacker can obtain sensitive information through $_COOKIE and $_SERVER variables, includin...
CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...
EUVD-2026-2729
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...
CVE-2026-23493
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...
CVE-2026-23493
Pimcore stores sensitive data in http_error_log prior to versions 12.3.1 and 11.5.14, exposing $_COOKIE and $_SERVER variables (e.g., DB credentials, session data) via the backend. The issue is fixed in Pimcore 12.3.1 and 11.5.14. Mitigation: upgrade to these versions or apply vendor-provided pat...
CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...
PT-2026-3074
Name of the Vulnerable Software and Affected Versions: Pimcore versions prior to 12.3.1; Pimcore versions prior to 11.5.14. Description: Pimcore is an Open Source Data & Experience Management Platform. Prior to versions 12.3.1 and 11.5.14, the http error log file stores the $_COOKIE and $_SERVER...
CVE-2019-20849
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...
EUVD-2019-11386
Malware in sbrugna...
EUVD-2020-14932
Malware in sbrugna...
EUVD-2014-4385
Malware in sbrugna...
EUVD-2016-1200
Malicious code in bioql PyPI...
CVE-2025-8528
A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The...
GHSA-C42H-56WX-H85Q laravel-auth0 SDK Deserialization of Untrusted Data vulnerability
Overview The laravel-auth0 SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I Affected?...
laravel-auth0 SDK Deserialization of Untrusted Data vulnerability
Overview The laravel-auth0 SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I Affected?...
GHSA-98J6-67V3-MW34 Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability
Overview The Auth0 Symfony SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I Affected?...
Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability
Overview The Auth0 Symfony SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I Affected?...
Deserialization Of Untrusted Data
auth0/auth0-php is vulnerable to Deserialization Of Untrusted Data. The vulnerability stems from insecure deserialization: the SDK processes untrusted cookie data without authentication, allowing attackers to inject malicious serialized payloads...
GHSA-862M-5253-832R Auth0 Wordpress Plugin vulnerable to Deserialization of Untrusted Data
Overview The Auth0 Wordpress plugin contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I...
Auth0 Wordpress Plugin vulnerable to Deserialization of Untrusted Data
Overview The Auth0 Wordpress plugin contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I...