102 matches found
Tenda W308R 安全漏洞
The Tenda W308R is a home wireless router from the Chinese company Tenda. It supports wireless network connections and routing management functions. The Tenda W308R v2 V5.07.48 version has a security vulnerability. This vulnerability stems from a Cookie session weakness, which allows unauthorized...
CVE-2026-5087
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
CVE-2025-41350
Stored Cross-site Scripting XSSvylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter in...
CVE-2025-63666
Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...
Exploit for CVE-2025-56132
CVE-2025-56132 - LiquidFiles User Enumeration POC Vulnerab...
EUVD-2023-58398
Malicious code in bioql PyPI...
EUVD-2023-47201
Malicious code in bioql PyPI...
EUVD-2025-28897
Malicious code in bioql PyPI...
CVE-2025-59743
AndSoft e-TMS v25.03 suffers an SQL injection via the SessionID cookie in /inc/connect/CONNECTION.ASP, allowing retrieval, creation, update, and deletion of databases through POST requests. Multiple sources (NVD/CNVD/CVELIST/CNNVD) confirm the vulnerability in this version, with high CRITICAL ris...
CVE-2025-40990
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectbug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to...
CVE-2025-40992 Stored XSS in Creativeitem Sociopro
Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/updateprofile', affecting to 'name' parameter via POST. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and...
CVE-2025-40990 Stored XSS in Creativeitem Ekushey CRM
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectbug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to...
CVE-2024-57056
Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing user session...
CVE-2024-57056
Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing user session...
CVE-2025-1230
Stored Cross-Site Scripting XSS vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘//index.php’, affecting the ‘link’ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cook...
CVE-2025-1230 Cross-Site Scripting (XSS) vulnerability in Prestashop
Stored Cross-Site Scripting XSS vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘//index.php’, affecting the ‘link’ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cook...
CVE-2024-31999
@festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
The vulnerability of the microprogrammed logic controller (PLC) Advantech ADAM-5630 software, related to the ability to send a cookie session file, allows a intruder to gain unauthorized access to protected information and enhance their privileges.
The vulnerability of the microprogrammed logic controller PLC Advantech ADAM-5630 software is related to the ability to send a cookie session file. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information and enhance their privileges...
CVE-2024-39275
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user...
Express.js Cookie-Session Weak Secret Key
Express.js applications with Cookie-Session use an application key to encrypt and sign various data, including session cookies and other sensitive information. This key is typically stored in an environment variable and is used for multiple security-critical operations. When a weak or easily...