52 matches found
GHSA-542P-WVX7-72M4 Litestar has HTML Injection Through its CSRF Token
Overview Litestar instances which use a template engine in conjunction with CSRF protection are vulnerable to HTML Injection which can be escalated to Cross Site Scripting due to the contents of the CSRF cookie being excluded from automatic escaping by the template engine when configured inline...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized string concatenation in the authglinet middleware when the application is started in GLiNET mode. An attacker can gain full administrative access by supplying a crafted path traversal sequence in the...
CVE-2026-41448 AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie
AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...
AdGuardHome 路径遍历漏洞
AdGuardHome is a DNS blocking service developed by the AdguardTeam. It prevents advertisements and trackers from reaching users across the network. AdGuardHome has a path traversal vulnerability, which stems from authentication bypass. This vulnerability allows unauthenticated attackers to obtain...
CVE-2026-46398
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...
CVE-2026-46398
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...
EUVD-2026-34893
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...
CVE-2026-46398 HAX CMS Missing Secure Flag on Cookie
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...
CVE-2026-46398
HAX CMS vulnerability: the haxcms_refresh_token cookie is set without the Secure flag in versions 25.0.0 through
HAXCMS 安全漏洞
HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS from 25.0.0 to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the haxcmsrefreshtoken cookie did not have the Secure flag set. This allowed the token to be...
CVE-2019-25729 PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie
PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...
EUVD-2019-20165
PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...
Simcy Creative PDF Signer 跨站请求伪造漏洞
Simcy Creative PDF Signer is a PDF document signing and editing software developed by Simcy Creative. Version 3.0 of Simcy Creative PDF Signer contains a cross-site request forgeing vulnerability. This vulnerability stems from injecting PHP commands through the CSRF-TOKEN cookie parameter, allowi...
EUVD-2026-33364
MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resourcetoken cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal network protection...
CVE-2026-10107 MoviePilot v2 SSRF via /api/v1/system/img/{proxy} Endpoint
MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resourcetoken cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal network protection...
NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
Summary The refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it to cross-site POSTs, enabling CSRF against the token-refresh endpoint...
PT-2026-42676
Name of the Vulnerable Software and Affected Versions NocoDB affected versions not specified Description The refresh-token cookie is configured with httpOnly: true but lacks the secure flag and the sameSite attribute. The absence of the secure flag allows the cookie to be intercepted over plain...
CVE-2023-7337
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied...
CVE-2022-42188
In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server...
CVE-2025-34291
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration alloworigins='' with allowcredentials=True combined with a refresh token cookie configured as SameSite=None allows a malicio...