Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to gene
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by plan
An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.
nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a
a valid session cookie access to privileged e
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default `Same
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipula
Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4)
and ea
Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon:
Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF) to modify the PCIe® lane count and speed, potentially leading to a loss of availabi
Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise.
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent
authenticated
attacker to execute arbitrary code. Successful exploitation could allow an attacker to
QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie tran
A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 thro
An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted co
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to af
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and param
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process.