Lucene search
+L

556 matches found

Patchstack
Patchstack
added 2026/03/30 9:7 p.m.5 views

WordPress Debugger & Troubleshooter plugin <= 1.3.2 - Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation vulnerability

Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Debugger & Troubleshooter versions = 1.3.2...

8.8CVSS5.9AI score0.00422EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.7 views

CVE-2026-22204

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the commentauthoremail cookie. Attackers can craft a malicious cookie value that, when processed through urldecode and passed to wpmail...

6.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/05 2:7 a.m.4 views

CRLF Injection

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to CRLF Injection via the setCookie utility. An attacker can inject unauthorized cookie attributes by supplying specially crafted input containing semicolons, carriage returns, or newline...

6.3CVSS5.8AI score0.00216EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : mod_auth_openidc:2.3 (AXSA:2024-8687:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8687:01 advisory. modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating cookies CVE-2024-24814 Tenable has extracted the preceding description block...

7.5CVSS5.6AI score0.01261EPSS
Exploits1References2
NVD
NVD
added 2026/01/13 11:15 p.m.8 views

CVE-2022-50926

WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication...

9.8CVSS0.00476EPSS
Exploits0References3
CVE
CVE
added 2026/01/13 10:51 p.m.17 views

CVE-2022-50926

The vulnerability CVE-2022-50926 affects WAGO 750-8212 PFC200 G2 2ETH RS firmware. A flaw allows an unauthenticated attacker to escalate privileges by manipulating the session cookie’s name and roles, gaining administrative access. Documents indicate this is a cookie-based privilege escalation wi...

9.8CVSS6.7AI score0.00476EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:18 p.m.8 views

CVE-2018-10189

An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each...

7.5CVSS6.5AI score0.01177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.7 views

CVE-2021-28680

The devisemasquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise without this extension is used. If the...

8.1CVSS6.9AI score0.0121EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.28 views

CVE-2022-35507

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...

7.1CVSS7AI score0.0138EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.13 views

CVE-2022-23485

Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...

6.4CVSS6.7AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:37 a.m.10 views

CVE-2020-7879

This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie'COOKIE' . The value is transferred to the --header option in wget binary, and there is no validation check...

9.8CVSS7.3AI score0.01401EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/12/30 4:2 p.m.7 views

CVE-2025-15255

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has...

10CVSS6.2AI score0.03923EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/12/30 4:2 p.m.5 views

EUVD-2025-205819

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has bee...

10CVSS6.8AI score0.03923EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/12/30 3:54 p.m.20 views

CVE-2025-15194

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack...

10CVSS7AI score0.01041EPSS
Exploits1References1
NVD
NVD
added 2025/12/23 8:15 p.m.5 views

CVE-2021-47721

Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized...

8.8CVSS0.0042EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2025/12/17 12:0 a.m.162 views

📄 ICTBroadcast 7.0 Remote Code Execution

A vulnerability in ICTBroadcast version 7.0 allows unauthenticated remote command execution due to improper handling of session cookie values. An attacker can modify cookie entries to inject system commands that the application unintentionally executes...

9.3CVSS7.6AI score0.05991EPSS
Exploits3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-6201

Malware in sbrugna...

7.5CVSS6.4AI score0.02907EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2008-4764

Malware in sbrugna...

7.5CVSS6.4AI score0.02773EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2002-1713

Malware in sbrugna...

10CVSS6.4AI score0.02736EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2008-4694

Malware in sbrugna...

7.5CVSS6.4AI score0.02561EPSS
Exploits1References4
Rows per page
Query Builder