Lucene search
+L

13 matches found

EUVD
EUVD
added 2026/07/02 4:6 p.m.8 views

EUVD-2026-41411

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS5.8AI score0.00243EPSS
Exploits0References5
OSV
OSV
added 2026/06/19 9:16 p.m.17 views

GHSA-PR33-38XX-6R26 http4k: BasicCookieStorage` (renamed `InsecureCookieStorage`) did not enforce RFC 6265 cookie scoping; new `DefaultCookieStorage` is now the default

Impact The previous BasicCookieStorage did not enforce RFC 6265 scoping rules around cookie domain, path, and Secure attribute. A client using a single storage instance to talk to multiple origins could have cookies leak across domains, or have Secure cookies sent over plain HTTP — the deprecatio...

6.9CVSS5.9AI score
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-22024

Malware in sbrugna...

10CVSS9.2AI score0.03191EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.39 views

CVE-2024-7053 Session Fixation in open-webui/open-webui

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...

7.6CVSS0.00659EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2023/11/14 5:0 p.m.5 views

node-undici: cookie leakage

A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have...

3.9CVSS7.3AI score0.01223EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2021/08/04 12:0 a.m.296 views

Riak Insecure Default Configuration / Remote Command Execution

Riak KV Insecure Default Cookie RCE ===== Intro ===== Riak is a NoSQL key-value database that is built to maximize data availability and performance, especially useful for eg. big data environments. It's built to survive data and network failures with design principles similar to DynamoDB while...

0.9AI score
Exploits0
CNVD
CNVD
added 2021/05/28 12:0 a.m.8 views

MesaLabs AmegaView Authentication Bypass Vulnerability

MesaLabs AmegaView is a continuous monitoring system CMS from MesaLabs USA. A security vulnerability exists in MesaLabs AmegaView 3.0 and prior versions that can be exploited by an attacker to gain access using a default cookie that can be set to bypass authentication to the web application...

9.8CVSS7.2AI score0.00983EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/05/27 12:0 a.m.5 views

MesaLabs AmegaView 安全漏洞

MesaLabs AmegaView is a continuous monitoring system CMS from MesaLabs USA. A security vulnerability exists in MesaLabs AmegaView 3.0 and prior versions that can be exploited by an attacker to gain access using a default cookie that can be set to bypass authentication to the web application...

9.8CVSS5.7AI score0.00983EPSS
Exploits0References4
OSV
OSV
added 2020/12/10 9:15 a.m.4 views

CVE-2020-29667

In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...

9.8CVSS7.3AI score0.03191EPSS
Exploits0References2
NVD
NVD
added 2020/12/10 9:15 a.m.23 views

CVE-2020-29667

In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...

10CVSS9.4AI score0.03191EPSS
Exploits0References2
Prion
Prion
added 2020/12/10 9:15 a.m.17 views

Session fixation

In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...

10CVSS9.3AI score0.03191EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/12/10 8:7 a.m.50 views

CVE-2020-29667

The CVE-2020-29667 entry affects Lan ATMService M3 ATM Monitoring System 6.1.0. Reported weakness: Insufficient session expiration enabled by using a default cookie value (e.g., PHPSESSID=LANIT-IMANAGER), which an unauthenticated remote attacker can exploit to gain control over the system. Connec...

10CVSS9.3AI score0.03191EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/12/10 8:7 a.m.30 views

CVE-2020-29667

In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...

9.4AI score0.03191EPSS
Exploits0References2
Rows per page
Query Builder