Weaknesses of type CWE-565

40 results
CVE-2026-0257 [HIGH] PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities (EPSS 86.7%, KEV)
CVE-2023-35885 [CRITICAL] CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. (EPSS 75.3%)
CVE-2025-64447 [HIGH] A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 throu (EPSS 7.4%)
CVE-2025-65212 [CRITICAL] An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient c (EPSS 4.6%)
CVE-2021-41819 [HIGH] CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. (EPSS 2.9%)
CVE-2021-3818 [MEDIUM] Reliance on Cookies without Validation and Integrity Checking in getgrav/grav (EPSS 2.4%)
CVE-2018-5455 A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 1606 (EPSS 1.6%)
CVE-2025-59247 [HIGH] Azure PlayFab Elevation of Privilege Vulnerability (EPSS 1.4%)
CVE-2023-32725 [CRITICAL] Leak of zbx_session cookie when using a scheduled report that includes a dashboard with a URL widget. (EPSS 0.8%)
CVE-2014-125112 [CRITICAL] Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution (EPSS 0.8%)
CVE-2021-29624 [MEDIUM] Lack of protection against cookie tossing attacks in fastify-csrf (EPSS 0.8%)
CVE-2022-36032 [MEDIUM] ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent (EPSS 0.8%)
CVE-2024-1551 [MEDIUM] Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type respon (EPSS 0.7%)
CVE-2024-28288 [CRITICAL] Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vul (EPSS 0.7%)
CVE-2025-14440 [CRITICAL] JAY Login & Register <= 2.4.01 - Authentication Bypass via Cookie (EPSS 0.7%)
CVE-2020-15128 [MEDIUM] Reliance on Cookies without validation in OctoberCMS (EPSS 0.7%)
CVE-2021-41263 [HIGH] Secure/signed cookies share secrets between sites in rails_multisite (EPSS 0.6%)
CVE-2024-9970 [HIGH] NewType FlowMaster BPM Plus - Privilege Escalation (EPSS 0.6%)
CVE-2023-41084 [CRITICAL] Socomec MOD3GP-SY-120K Reliance on Cookies without Validation and Integrity Checking (EPSS 0.6%)
CVE-2023-32612 Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker (EPSS 0.6%)