Lucene search
K

102 matches found

CNNVD
CNNVD
added 2026/04/29 12:0 a.m.8 views

Tenda W308R 安全漏洞

The Tenda W308R is a home wireless router from the Chinese company Tenda. It supports wireless network connections and routing management functions. The Tenda W308R v2 V5.07.48 version has a security vulnerability. This vulnerability stems from a Cookie session weakness, which allows unauthorized...

9.8CVSS5.8AI score0.00651EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/31 4:3 p.m.1 views

CVE-2026-5087

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

5.9AI score0.00316EPSS
Exploits0References3
OSV
OSV
added 2025/11/18 12:15 p.m.6 views

CVE-2025-41350

Stored Cross-site Scripting XSSvylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter in...

5.4CVSS5.9AI score0.00238EPSS
Exploits0References1
OSV
OSV
added 2025/11/12 3:15 p.m.3 views

CVE-2025-63666

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

9.8CVSS5.8AI score0.00431EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/10/05 1:15 p.m.225 views

Exploit for CVE-2025-56132

CVE-2025-56132 - LiquidFiles User Enumeration POC Vulnerab...

7.3CVSS6.4AI score0.00648EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-58398

Malicious code in bioql PyPI...

9.1CVSS6.4AI score0.00448EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-47201

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00787EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-28897

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00193EPSS
Exploits0References2
CVE
CVE
added 2025/10/02 2:13 p.m.15 views

CVE-2025-59743

AndSoft e-TMS v25.03 suffers an SQL injection via the SessionID cookie in /inc/connect/CONNECTION.ASP, allowing retrieval, creation, update, and deletion of databases through POST requests. Multiple sources (NVD/CNVD/CVELIST/CNNVD) confirm the vulnerability in this version, with high CRITICAL ris...

9.8CVSS7.7AI score0.00329EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/10/02 11:15 a.m.3 views

CVE-2025-40990

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectbug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to...

5.4CVSS0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/02 10:50 a.m.3 views

CVE-2025-40992 Stored XSS in Creativeitem Sociopro

Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/updateprofile', affecting to 'name' parameter via POST. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and...

5.1CVSS5.6AI score0.00333EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/02 10:42 a.m.2 views

CVE-2025-40990 Stored XSS in Creativeitem Ekushey CRM

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectbug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to...

5.1CVSS5.7AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/20 12:24 a.m.7 views

CVE-2024-57056

Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing user session...

5.4CVSS6.7AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/18 12:0 a.m.8 views

CVE-2024-57056

Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing user session...

0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 11:32 a.m.16 views

CVE-2025-1230

Stored Cross-Site Scripting XSS vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘//index.php’, affecting the ‘link’ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cook...

4.8CVSS5.5AI score0.00245EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/12 10:38 a.m.8 views

CVE-2025-1230 Cross-Site Scripting (XSS) vulnerability in Prestashop

Stored Cross-Site Scripting XSS vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘//index.php’, affecting the ‘link’ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cook...

4.8CVSS4.8AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:31 a.m.7 views

CVE-2024-31999

@festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...

7.4CVSS7.4AI score0.00616EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/10/03 12:0 a.m.6 views

The vulnerability of the microprogrammed logic controller (PLC) Advantech ADAM-5630 software, related to the ability to send a cookie session file, allows a intruder to gain unauthorized access to protected information and enhance their privileges.

The vulnerability of the microprogrammed logic controller PLC Advantech ADAM-5630 software is related to the ability to send a cookie session file. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information and enhance their privileges...

8.3CVSS5.4AI score0.00391EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/09/27 6:15 p.m.4 views

CVE-2024-39275

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user...

8.8CVSS5.8AI score0.00391EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/09/24 12:0 a.m.5 views

Express.js Cookie-Session Weak Secret Key

Express.js applications with Cookie-Session use an application key to encrypt and sign various data, including session cookies and other sensitive information. This key is typically stored in an environment variable and is used for multiple security-critical operations. When a weak or easily...

7.8AI score
Exploits0References2
Rows per page
Query Builder