42 matches found
CVE-2026-10167
A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...
Admidio writes session IDs and auto-login cookie values to application logs
Summary: When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...
CVE-2026-2128 Breeze Cache <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor via Crafted Login Cookie
The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2. This is due to improper verification of the wordpressloggedin cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...
CVE-2023-31062
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid but unprivileged account, the exploit can be executed using Burp Suite by sending a login request and...
EUVD-2019-16855
Malware in sbrugna...
EUVD-2014-4610
Malware in sbrugna...
EUVD-2008-6381
Malware in sbrugna...
EUVD-2025-26082
Malicious code in bioql PyPI...
EUVD-2024-32315
Malicious code in bioql PyPI...
CVE-2025-9376
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the 'stopbadbotscheckwordpressloggedincookie' function in all versions up to, and including, 11.58. This...
VulnCheck KEV: CVE-2021-3297
On Zyxel NBG2105 V1.00AAGU.2C0 devices, setting the login cookie to 1 provides administrator access...
PT-2025-30386 · WordPress · Bsecure
Name of the Vulnerable Software and Affected Versions: bSecure plugin for WordPress versions 1.3.7 through 1.7.9. Description: The plugin is susceptible to privilege escalation due to a missing authorization check within the order info REST endpoint. The /webhook/v2/order info/ route’s permission...
Use of Password Hash With Insufficient Computational Effort
Overview: com.xuxueli:xxl-job is a distributed task scheduling framework. Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort via the XXLJOBLOGINIDENTITY in the cookie. An attacker can obtain sensitive information by exploiting weak...
CVE-2025-40632
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered...
CVE-2024-12225 Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass
A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default...
CVE-2024-12225
A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default...
CVE-2024-3741
Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except 'NO' to the login cookie and have full system access...
CVE-2024-7341
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...