CWE-565 vulnerabilities

40 results
CVE-2024-21583 | MEDIUM | Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/g | EPSS 0.6%
CVE-2024-21872 | HIGH | Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking | EPSS 0.6%
CVE-2024-22186 | HIGH | Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking | EPSS 0.5%
CVE-2025-2395 | CRITICAL | e-Excellence U-Office Force - Improper Authentication | EPSS 0.5%
CVE-2024-0947 | CRITICAL | Cookies Manipulation in Talya Informatics' Elektraweb | EPSS 0.5%
CVE-2022-50926 | HIGH | WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation | EPSS 0.5%
CVE-2021-47706 | HIGH | COMMAX Biometric Access Control System Authentication Bypass | EPSS 0.4%
CVE-2021-33842 | HIGH | Circutor SGE-PLC1000 improper authentication | EPSS 0.4%
CVE-2026-5130 | HIGH | Debugger & Troubleshooter <= 1.3.2 - Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation | EPSS 0.4%
CVE-2025-31120 | MEDIUM | NamelessMC Vulnerable to Cookie-Based View Count Manipulation | EPSS 0.4%
CVE-2021-20450 | MEDIUM | IBM Cognos Controller information disclosure | EPSS 0.4%
CVE-2026-53871 | HIGH | Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie | EPSS 0.4%
CVE-2024-28233 | HIGH | XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing | EPSS 0.3%
CVE-2023-45128 | CRITICAL | CSRF Token Reuse Vulnerability in fiber | EPSS 0.3%
CVE-2026-39324 | CRITICAL | Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization | EPSS 0.3%
CVE-2023-45141 | HIGH | CSRF Token Validation Vulnerability in fiber | EPSS 0.3%
CVE-2025-48980 | MEDIUM | In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item | EPSS 0.3%
CVE-2024-55211 | HIGH | An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie. | EPSS 0.2%
CVE-2026-39963 | MEDIUM | Serendipity: Host Header Injection enables authentication cookie scoping to an attacker-controlled domain | EPSS 0.2%
CVE-2026-8337 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys when sites are running concurrent public surveys and private surveys | EPSS 0.2%