Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie. This allows an unauthenticated attacker to supply a crafted session cookie that is accepted ...

GHSA-VFPX-Q664-H93M Auth0 WordPress Plugin has Insufficient Entropy in Cookie Encryption

Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It ...

CVE-2025-60305

SourceCodester Online Student Clearance System 1.0 is affected by an Incorrect Access Control vulnerability. The issue allows low-privilege users to forge high-privilege sessions and perform sensitive operations, with CVSS 3.1 base score 8.8 (HIGH) and impacts to confidentiality, integrity, and a...

EUVD-2025-33745

code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations...