7 matches found
GHSA-C77M-R996-JR3Q SiYuan: Unauthenticated Access to Password-Protected Bookmarks via /api/bookmark/getBookmark
Summary: The publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccess(nil, ...). Because the filter treats a nil context as authorized,...
CVE-2026-27520 Binardat 10G08-0800GSM Network Switch Base64-encoded Password Stored in Cookie
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can...
CVE-2026-27520 Binardat 10G08-0800GSM Network Switch Base64-encoded Password Stored in Cookie
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can...
PT-2024-19558 · Intelbras · Intelbras Action Rf 1200
Name of the Vulnerable Software and Affected Versions: Intelbras Action RF 1200 routers versions 1.2.2 and earlier; Intelbras Action RG 1200 routers versions 2.1.7 and earlier. Description: The issue exposes the password in a cookie, resulting in login bypass. This allows unauthorized access to the...
Vade Secure Gateway Cross-Site Scripting Vulnerability
Vade Secure Gateway is an engineering intelligence-driven collaborative email security product from Vade Secure. A security vulnerability exists in Vade Secure Gateway. An attacker can exploit the vulnerability to execute arbitrary code via the username, password and language cookie parameters...
SQL injection
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component...
CVE-2007-3558
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component...