52 matches found

Snyk
added 2026/04/08 12:15 a.m. | 5 views

Not Failing Securely ('Failing Open')

Overview: rack-session is a session implementation for Rack. Affected versions of this package are vulnerable to Not Failing Securely ('Failing Open') in the Rack::Session::Cookie function when it is configured with the secrets: option. An attacker can gain unauthorized access or escalate privileges...

CVSS 9.8 | AI score 5.8 | EPSS 0.0027
Exploits: 1 | References: 2
EUVD
added 2026/04/08 12:15 a.m. | 7 views

EUVD-2026-19820

Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization...

CVSS 9.3 | AI score 5.9 | EPSS 0.0027
Exploits: 1 | References: 2
NVD
added 2026/04/07 6:16 p.m. | 5 views

CVE-2026-39324

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

CVSS 9.8 | EPSS 0.0027
Exploits: 1 | References: 1
Snyk
added 2026/01/08 8:45 p.m. | 5 views

Directory Traversal

Overview: @react-router/node provides Node.js platform abstractions for React Router. Affected versions of this package are vulnerable to Directory Traversal via the createFileSessionStorage function. An attacker can access or modify files outside the intended session file directory by crafting a...

CVSS 9.1 | AI score 7.4 | EPSS 0.16104
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/20 12:21 a.m. | 8 views

CVE-2025-63206

An authentication bypass issue was discovered in the Dasan Switch DS2924 web-based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser...

CVSS 9.8 | AI score 7.5 | EPSS 0.00482
Exploits: 1 | References: 1
NVD
added 2025/11/19 6:15 p.m. | 5 views

CVE-2025-63206

An authentication bypass issue was discovered in the Dasan Switch DS2924 web-based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser...

CVSS 9.8 | EPSS 0.00482
Exploits: 1 | References: 2
OSV
added 2025/11/19 6:15 p.m. | 7 views

CVE-2025-63206

An authentication bypass issue was discovered in the Dasan Switch DS2924 web-based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser...

CVSS 9.8 | AI score 5.8 | EPSS 0.00482
Exploits: 1 | References: 2
Cvelist
added 2025/11/19 12:00 a.m. | 9 views

CVE-2025-63206

An authentication bypass issue was discovered in the Dasan Switch DS2924 web-based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser...

EPSS 0.00482
Exploits: 1 | References: 2
Positive Technologies
added 2025/11/19 12:00 a.m. | 7 views

PT-2025-47493

Name of the Vulnerable Software and Affected Versions: Dasan Switch DS2924 versions 1.01.18 and 1.02.00. Description: An authentication bypass exists in the web-based interface of Dasan Switch DS2924. Successful exploitation allows attackers to gain escalated privileges by storing specially crafted...

AI score 6.9 | EPSS 0.00482
Exploits: 1 | References: 4
Tenable Nessus
added 2025/11/17 12:00 a.m. | 5 views

Lucee < 6.0.1.59 Remote Code Execution

Lucee versions prior to 6.0.1.59 are vulnerable to Remote Code Execution (RCE) via crafted cookies. An attacker can exploit this vulnerability by sending a specially crafted cookie to the server, which can lead to arbitrary code execution on the server hosting the Lucee application. No source data...

AI score 8.2
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/15 3:47 p.m. | 5 views

CVE-2024-33507

An insufficient session expiration vulnerability (CWE-613) and an incorrect authorization vulnerability (CWE-863) in the FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow a remote unauthenticated attacker to deauthenticate logg...

CVSS 9.1 | AI score 7.5 | EPSS 0.00373
Exploits: 0 | References: 1
CVE
added 2025/10/14 3:23 p.m. | 6 views

CVE-2024-33507

CVE-2024-33507 affects FortiIsolator: multiple releases are vulnerable due to an insufficient session expiration (CWE-613) and an incorrect authorization flaw (CWE-863). A remote unauthenticated attacker can deauthenticate logged-in administrators by sending a crafted cookie, and a remote authent...

CVSS 9.1 | AI score 7.1 | EPSS 0.00373
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/10/14 3:23 p.m. | 10 views

CVE-2024-33507

An insufficient session expiration vulnerability (CWE-613) and an incorrect authorization vulnerability (CWE-863) in the FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow a remote unauthenticated attacker to deauthenticate logg...

CVSS 7.4 | EPSS 0.00373
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-18701

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.02
Exploits: 1 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-2168

Malware in sbrugna...

CVSS 5 | AI score 9 | EPSS 0.01906
Exploits: 0 | References: 2
ATTACKERKB
added 2025/09/26 8:36 a.m. | 2 views

CVE-2025-11021

A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in...

CVSS 7.5 | AI score 6.4 | EPSS 0.00594
Exploits: 0 | References: 17
RedHat Linux
added 2025/03/17 4:11 p.m. | 9 views

python-tornado: Tornado has HTTP cookie parsing DoS vulnerability

A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...

CVSS 7.5 | AI score 5.8 | EPSS 0.01051
Exploits: 0 | References: 7
RedHat Linux
added 2025/03/17 1:35 a.m. | 6 views

python-tornado: Tornado has HTTP cookie parsing DoS vulnerability

A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...

CVSS 7.5 | AI score 5.8 | EPSS 0.01051
Exploits: 0 | References: 7
RedHat Linux
added 2025/03/10 6:47 p.m. | 7 views

python-tornado: Tornado has HTTP cookie parsing DoS vulnerability

A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...

CVSS 7.5 | AI score 5.8 | EPSS 0.01051
Exploits: 0 | References: 7
NVD
added 2024/09/03 3:15 a.m. | 39 views

CVE-2024-7261

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70ABVT.4 and earlier, WAC500 firmware version 6.70ABVS.4 and earlier, WAX655E firmware version 7.00ACDO.1 and earlier, WBE530 firmware version 7.00ACLE.1 and earlier,...

CVSS 9.8 | EPSS 0.11269
Exploits: 0 | References: 1