
28 matches found

RedhatCVE
added 2026/05/13 8:23 p.m. · 6 views

CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

CVSS 5.3 · AI score 5.8 · EPSS 0.00035
Exploits 0 · References 1

EUVD
added 2026/03/31 12:31 a.m. · 1 views

EUVD-2026-17245

The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...

CVSS 8.8 · AI score 5.8 · EPSS 0.00038
Exploits 0 · References 5

CISA KEV Catalog
added 2026/03/16 12:00 a.m. · 9 views

Wing FTP Server Information Disclosure Vulnerability

Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie...

CVSS 4.3 · AI score 7.3 · EPSS 0.26923
In wild · Exploits 23

Cvelist
added 2026/02/09 7:39 a.m. · 31 views

CVE-2026-22903 Stack Overflow via SESSIONID Cookie in lighttpd

An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections...

CVSS 9.8 · EPSS 0.00684
Exploits 0 · References 1

Positive Technologies
added 2026/02/09 12:00 a.m. · 3 views

PT-2026-7081

Name of the Vulnerable Software and Affected Versions: lighttpd, affected versions not specified. Description: An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the lighttpd server, potentially...

CVSS 9.8 · AI score 6.6 · EPSS 0.00684
Exploits 0 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2014-3789

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.00207
Exploits 1 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2014-0175

Malware in sbrugna...

CVSS 6.8 · AI score 5.9 · EPSS 0.00558
Exploits 0 · References 5

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-31811

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00332
Exploits 0 · References 3

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-32129

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.00042
Exploits 0 · References 2

Cvelist
added 2025/08/16 7:25 a.m. · 6 views

CVE-2025-8464 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the `wpcf7_guest_user_id` cookie. This makes it possible for unauthenticated attackers to upload and delete files outside of the...

CVSS 5.3 · EPSS 0.01988
Exploits 0 · References 5

RedhatCVE
added 2025/05/22 10:35 p.m. · 4 views

CVE-2022-27305

Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation...

CVSS 8.8 · AI score 6.8 · EPSS 0.00332
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 5:26 a.m. · 2 views

CVE-2014-3791

Stack-based buffer overflow in Easy File Sharing EFS Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp...

CVSS 10 · AI score 8.3 · EPSS 0.77234
Exploits 6 · References 1

BDU FSTEC
added 2023/02/13 12:00 a.m. · 2 views

The vulnerability of the Telnet service of the TOTOLINK N200RE V5 router’s microprogramming system allows an intruder to gain unauthorized access to protected information.

The vulnerability of the Telnet service provided by the TOTOLINK N200RE V5 microprogramming router lies in the use of strictly encrypted login credentials, with the SESSIONID file stored in a cookie. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected...

CVSS 8.3 · EPSS 0.01776
Exploits 1 · References 4 · Affected Software 1

OSV
added 2022/05/12 10:15 p.m. · 1 views

CVE-2021-27771

User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal manner with the Sametime chat application, users hold a cookie containing their session ID SID. This value is also used when sending chat messages,...

CVSS 7.6 · AI score 5.8
Exploits 0 · References 1

Positive Technologies
added 2022/02/28 12:00 a.m. · 3 views

PT-2022-17700 · Cherwell · Cherwell Service Management

Name of the Vulnerable Software and Affected Versions: Cherwell Service Management version 10.2.3 Description: An issue was discovered in the web application where the ASP.NET Sessionid cookie is not protected by the Secure flag, making it prone to interception by an attacker if traffic is sent...

CVSS 5.3 · AI score 5.1 · EPSS 0.0017
Exploits 0 · References 5

Prion
added 2017/09/11 9:29 a.m. · 14 views

SQL injection

SQL Injection exists in the EyesOfNetwork web interface aka eonweb 5.1-0 via the groupid cookie to side.php...

CVSS 7.5 · AI score 9.7 · EPSS 0.0025
Exploits 1 · References 1 · Affected Software 1

RedHat Linux
added 2016/05/12 4:19 p.m. · 5 views

haproxy: Setting cookie containing internal IP address of a pod

An information disclosure flaw was discovered in haproxy as used by OpenShift Enterprise; a cookie with the name "OPENSHIFTnamespaceSERVERID" was set, which contained the internal IP address of a pod...

CVSS 3.3 · AI score 5.8 · EPSS 0.00048
Exploits 0 · References 4

Cvelist
added 2014/08/07 10:00 a.m. · 16 views

CVE-2014-3852

Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

AI score 6.1 · EPSS 0.00207
Exploits 1 · References 2

NVD
added 2014/05/08 2:29 p.m. · 11 views

CVE-2014-0090

Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie...

CVSS 6.8 · AI score 6.7 · EPSS 0.00558
Exploits 0 · References 3

Prion
added 2014/05/08 2:29 p.m. · 14 views

Session fixation

Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie...

CVSS 6.8 · AI score 7.2 · EPSS 0.00558
Exploits 0 · References 3 · Affected Software 1