47 matches found
CVE-2026-41706
Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...
CVE-2019-16187
Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script...
CVE-2023-53972
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access...
EUVD-2019-4845
Malware in sbrugna...
EUVD-2010-4534
Malware in sbrugna...
EUVD-2012-1850
Malware in sbrugna...
EUVD-2016-5825
Malware in sbrugna...
EUVD-2015-5787
Malware in sbrugna...
EUVD-2006-3660
Malware in sbrugna...
EUVD-2022-5845
Malicious code in bioql PyPI...
EUVD-2022-7041
Malicious code in bioql PyPI...
EUVD-2022-2168
Malicious code in bioql PyPI...
EUVD-2022-3650
Malicious code in bioql PyPI...
CVE-2025-0253
CVE-2025-0253 affects HCL IEM and is described as a cookie attribute not set vulnerability caused by inconsistent security-related configurations, leading to potential information exposure. Affected software: HCL IEM (cookie handling/configuration). Underlying issue: cookie attributes not set, en...
CVE-2025-48939
tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element, it could clobber the...
WordPress Cookie-Script.com plugin <= 1.2.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by domiee13 in WordPress Plugin Cookie-Script.com versions <= 1.2.1...
CVE-2023-5723
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
CVE-2023-28429
Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie ...
CVE-2022-42750
CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user...
CVE-2022-39284
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...