CVE-2026-44598
With valid login credentials, a URL Redirection to Untrusted Site ('Open Redirect') and Server-Side Request Forgery (SSRF) vulnerability exists in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using the shiro-jakarta-ee integration module. Users are recommended t...
CVE-2026-44598
Apache Shiro Jakarta EE module contains an open redirect and SSRF vulnerability (CVE-2026-44598) that affects Shiro 2.0-alpha through 2.1.0 and 3.0.0-alpha-1 when using the shiro-jakarta-ee integration. After login, the shiroSavedRequest cookie can be forged and used to redirect the server to an ...
CVE-2026-44598 Apache Shiro Jakarta EE module: Open redirect and SSRF (requires valid credentials)
With valid login credentials, a URL Redirection to Untrusted Site ('Open Redirect') and Server-Side Request Forgery (SSRF) vulnerability exists in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using the shiro-jakarta-ee integration module. Users are recommended t...
WordPress Otter Blocks plugin <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie vulnerability
Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie vulnerability discovered by Drew Webber (mcdruid) in the WordPress plugin Otter - Gutenberg Block, versions <= 3.1.4...
CVE-2026-2892 Otter Blocks <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'get_customer_data' method relying on an unsigned 'o_stripe_data' cookie to determine Stripe product ownership for unauthenticated users. The...
PT-2026-36099
Name of the Vulnerable Software and Affected Versions: Otter Blocks versions prior to 3.1.5
Description: The plugin is subject to a purchase verification bypass. The get_customer_data method relies on an unsigned o_stripe_data cookie to determine product ownership for unauthenticated users...
CVE-2024-36466 Unauthenticated Zabbix frontend takeover when SSO is being used
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions...
CVE-2024-36466
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions...
Authentication flaw
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie...
WordPress <= 3.8.1 - Multiple vulnerabilities
The wp_validate_auth_cookie function in wp-includes/pluggable.php does not properly determine the validity of authentication cookies. As a result, attackers can obtain access via a forged cookie. Solution: Update the plugin...
Amoy Royal Taobao guest: security vulnerabilities and fixes - vulnerability warning - the black bar safety net
Official website: http://www.taodisoft.com 1. The demo site's admin backend has an image upload point that does not restrict uploads. 2. The upload image filtering is simple and easy to bypass; a PHP file can be uploaded and executed. 3. The server/VPS configuration is severely weak; after obtaining a webshe...
Dig Emperor Management Platform security vulnerabilities - vulnerability warning - the black bar safety net
Official website: 1. The demo site's admin backend has an image upload point that does not restrict uploads. 2. The upload image filtering is simple and easy to bypass; a PHP file can be uploaded and executed. 3. The server/VPS configuration is severely weak; after obtaining a webshell directly, it is a...
CVE-2009-5014
The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...