CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

198 matches found

CVE-2026-2128

The Breeze WordPress Cache plugin (versions up to 2.5.2) is vulnerable due to improper verification of the wordpress_logged_in_ cookie in inc/cache/execute-cache.php when Cache Logged-in Users is enabled. An unauthenticated attacker can present a crafted cookie (e.g., wordpress_logged_in_fake=adm...

5.3CVSS5.8AI score0.00045EPSS

Exploits0References7

ATTACKERKB•added 2026/05/19 9:25 a.m.•7 views

CVE-2026-46725

The extension passes an attacker-controlled cookie directly to PHP's unserialize without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation...

9.2CVSS5.8AI score0.03271EPSS

Exploits1References2Affected Software1

Snyk•added 2026/04/08 12:17 a.m.•1 views

HTTP Response Splitting

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Response Splitting via the setCookie function. An attacker can cause runtime errors and potentially disrupt application behavior by supplying specially crafted input as the cookie...

6.9CVSS5.8AI score

Exploits0References2

UbuntuCve•added 2026/04/07 6:16 p.m.•1 views

CVE-2026-39324

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.8CVSS5.9AI score0.00064EPSS

Exploits1References4

RedhatCVE•added 2026/01/09 11:24 a.m.•1 views

CVE-2021-31826

Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable for a daemon crash on systems not using this feature if a crafted cookie is supplied...

7.5CVSS6.8AI score0.01478EPSS

Exploits1References1

UbuntuCve•added 2026/01/06 12:0 a.m.•2 views

CVE-2025-69230

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...

6.9CVSS7AI score0.00011EPSS

Exploits0References3

AlpineLinux•added 2026/01/05 11:47 p.m.•2 views

CVE-2025-69230

6.9CVSS6.7AI score0.00011EPSS

Exploits0

EUVD•added 2025/12/31 9:30 p.m.•2 views

EUVD-2025-206084

NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a specific cookie to...

8.7CVSS6.6AI score0.00103EPSS

Exploits1References5

VulnCheck KEV•added 2025/11/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-18365

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...

9.8CVSS6.1AI score0.33438EPSS

In wildExploits1References2

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2017-17181

Malware in sbrugna...

6.5CVSS6.6AI score0.00267EPSS

Exploits2References2

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2020-21401

Malware in sbrugna...

5.3CVSS5.3AI score0.00986EPSS

Exploits0References2