2159 matches found
Admidio writes session IDs and auto-login cookie values to application logs
Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...
Sensitive Cookie in HTTPS Session Without "Secure" Attribute
Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute in the for...
Sensitive Cookie in HTTPS Session Without "Secure" Attribute
Overview org.apache.shiro:shiro-web is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute in the form...
CVE-2026-43828 Apache Shiro: Shiro's native session and rememberMe cookies do not have secure flag set by default
Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...
PT-2026-43119
Name of the Vulnerable Software and Affected Versions Apache Shiro versions 1.0 through 2.1.0 Apache Shiro version 3.0.0-alpha-1 Description Default configurations cause the Shiro-native session manager and the Remember-Me manager to send JSESSIONID and rememberMe cookies without the 'Secure'...
Astra Linux – Vulnerability in Flask
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client’s session...
CVE-2026-36829
CVE-2026-36829 affects Panabit PAP-XM320 (up to v7.7). The embedded HTTP server authenticates via a cookie-based value checked against the filesystem, using a user-controlled cookie without proper sanitization. This leads to a directory traversal scenario and authentication bypass, enabling bypas...
GHSA-QXVM-R42F-5P8J AVideo's Meet plugin: `uploadRecordedVideo.json.php` derives `users_id` from the uploaded filename and calls passwordless `User->login()`, allowing any caller with the Meet shared secret to obtain a session as arbitrary users including admin
Summary Type: Authorization-bypass via user-controlled identifier. The Meet plugin's recorded-video upload endpoint plugin/Meet/uploadRecordedVideo.json.php authenticates the caller using a single shared Authorization: Bearer against $objM-secret. Once that check passes, the endpoint reads the...
CVE-2026-44511
Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...
curl: cookie: case-insensitive path comparison in replace_existing() allows cookie eviction across distinct paths
Hi all, replaceexisting in lib/cookie.c compares cookie paths case-insensitively at two sites. On case-sensitive servers, /Admin and /admin are distinct resources and are supposed to produce distinct jar entries. Because libcurl conflates them, a Set-Cookie at one path silently evicts the cookie ...
STEL Order 跨站脚本漏洞
STEL Order is an ERP, CRM, and online billing management platform developed by the Spanish company STEL for small and medium-sized enterprises. Versions of STEL Order prior to 3.25.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleaning of the...
CVE-2026-45228 Quark Drive (quark-auto-save) < 0.8.5 Stored XSS via System Configuration
Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...
CVE-2026-45228
Quark Drive
CVE-2026-42190
RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browser treats as same-site can invoke a server action with the...
PT-2026-40544
Name of the Vulnerable Software and Affected Versions SillyTavern versions prior to 1.18.0 Description SillyTavern uses cookie-session for authentication, where session data such as user handles and permissions are stored in a signed cookie. The endpoints "POST /api/users/change-password" and "PO...
CVE-2021-47923
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized...
PT-2026-39654
Name of the Vulnerable Software and Affected Versions HireFlow version 1.2 Description The software fails to implement Cross-Site Request Forgery CSRF token validation on state-changing POST endpoints. This allows an attacker to trick an authenticated user into visiting a malicious page to perfor...
CVE-2026-38566
HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add are vulnerable to CSRF. An attacker who can...
CVE-2026-38566
CVE-2026-38566 affects HireFlow v1.2. The issue is CSRF on all state-changing POST endpoints (e.g., /profile password change, /candidates/delete/, /feedback/add/, /interviews/add) due to missing CSRF token validation and no SESSION_COOKIE_SAMESITE configuration. Root cause: CSRF token validation ...
User Impersonation
Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to User Impersonation via the OCSESSID cookie. An attacker can gain unauthorized access to user accounts by injecting arbitrary values into the session cookie, allowing session takeover...