Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to gene
CVE-2026-6768
CRITICAL CVSS 9.8
Find Similar
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by plan
An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.
nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged e
CVE-2024-7053
CRITICAL CVSS 9.0
Find Similar
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default `Same
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipula
Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3
CVE-2024-7261
CRITICAL CVSS 9.8
Find Similar
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and ea
CVE-2025-39410
CRITICAL CVSS 9.8
Find Similar
Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon:
Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF)     to modify the PCIe® lane count and speed, potentially leading to a loss of availabi
Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise.
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to
QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie tran
A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 thro
CVE-2025-34125
CRITICAL CVSS 9.3
Find Similar
An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted co
CVE-2025-3463
CRITICAL CVSS 9.4
Find Similar
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to af
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and param
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process.