PT-2025-23920 · Undefined · Undefined
🚨 CVE-2025-47218 in Auth0 WordPress plugin allows insecure deserialization of cookie data. Update now to secure your WordPress site and prevent attacks. 🔧 Read more: https://t.co/vuzKCS3VVz WordPress Auth0 Security Vulert PatchNow 🛡️ https://t.co/kW0DwLRSPO...
Auth0-PHP SDK Deserialization of Untrusted Data vulnerability
Overview The Auth0 PHP SDK contains a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I Affected? You are...
CVE-2023-0232
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection...
CVE-2024-8644
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation: JSON Hijacking aka JavaScript Hijacking. This issue affects ValeApp: before v2.0.0...
CVE-2022-43845
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie...
CVE-2022-33167
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the...
U.S. Dept Of Defense: Subdomain takeover ██████
The subdomain █████ was found to be pointing to open-elb-prod-277276106.us-east-1.elb-amazonaws.com., and the domain elb-amazonaws.com was available for registration. This vulnerability could have been exploited to host unwanted content, receive email, and potentially execute cross-site scripting...
U.S. Dept Of Defense: Subdomain takeover ████████.mil
The subdomain ██████.mil was found to be pointing to a domain that is currently available for registration. This indicates a potential subdomain takeover vulnerability. The domain ████ was found to be unregistered and could have been used by an attacker to host unwanted or malicious content under...
VulnCheck KEV: CVE-2016-4326
The Chef Manage formerly opscode-manage add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie...
Cross-site Scripting (XSS)
Overview sidekiq-unique-jobs is a package containing unique jobs that were removed from sidekiq. Affected versions of this package are vulnerable to Cross-site Scripting XSS via filter functions. An attacker can obtain sensitive information from the application using this package, including...
CVE-2023-37529
A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code in a webpage that attempts to retrieve cookie-stored information. This is not the same vulnerability as identified in CVE-2023-37530...
HCL Technologies HCL BigFix Platform Cross-Site Scripting Vulnerability
HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in the HCL Technologies HCL BigFix Platform that...
PT-2024-12634 · Hcl · Hcl Bigfix Platform
Name of the Vulnerable Software and Affected Versions: HCL BigFix Platform affected versions not specified Description: A cross-site scripting XSS issue in the Web Reports component can possibly allow an attacker to execute malicious javascript code into a webpage, attempting to retrieve...
OESA-2023-1443 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called stat followed by fopen in a way that made it...
SUSE CVE-2005-2148
Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the...
SUSE CVE-2022-27776
An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number...
CVE-2022-22330
IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126...
ALPINE-CVE-2022-32207
When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally widen the permissions for the target file, leaving the...
DEBIAN-CVE-2022-32207
When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally widen the permissions for the target file, leaving the...