CWE-565 · Reliance on Cookies without Validation and Integrity Checking
34 CVEs are classified under CWE-565 (Reliance on Cookies without Validation and Integrity Checking): the server reads a security-relevant value such as a role, user ID or session token from a cookie and acts on it without verifying that the value was issued by the server and not altered by the client. The table below is sorted by CVSS score; summaries are truncated.
| CVE | Severity | CVSS score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-45128 | Critical | 10.0 | 2023-10-16 | Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allow… |
| CVE-2023-41084 | Critical | 10.0 | 2023-09-18 | Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the… |
| CVE-2014-125112 | Critical | 9.8 | 2026-03-26 | Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a… |
| CVE-2022-50926 | Critical | 9.8 | 2026-01-13 | WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can… |
| CVE-2025-14440 | Critical | 9.8 | 2025-12-13 | The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authent… |
| CVE-2025-2395 | Critical | 9.8 | 2025-03-17 | The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter… |
| CVE-2024-0947 | Critical | 9.8 | 2024-06-27 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Man… |
| CVE-2023-3050 | Critical | 9.8 | 2023-06-13 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypas… |
| CVE-2017-7279 | Critical | 9.8 | 2017-04-12 | An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. |
| CVE-2023-32725 | Critical | 9.6 | 2023-12-18 | The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be use… |
| CVE-2026-0257 | Critical | 9.1 | 2026-05-13 | Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security res… |
| CVE-2026-5130 | High | 8.8 | 2026-03-30 | The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due t… |
| CVE-2025-59247 | High | 8.8 | 2025-10-09 | Azure PlayFab Elevation of Privilege Vulnerability |
| CVE-2024-9970 | High | 8.8 | 2024-10-15 | The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to… |
| CVE-2024-22186 | High | 8.8 | 2024-04-18 | The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to beco… |
| CVE-2021-33842 | High | 8.8 | 2021-06-09 | Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an au… |
| CVE-2017-6896 | High | 8.8 | 2017-03-14 | Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just… |
| CVE-2023-45141 | High | 8.6 | 2023-10-16 | Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allow… |
| CVE-2021-41263 | High | 8.3 | 2021-11-15 | rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite… |
| CVE-2024-28233 | High | 8.1 | 2024-03-27 | JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS d… |
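The recurring pattern in the privilege-escalation entries above (a guest or user rewriting a role or token cookie and being treated as admin) reduces to one mistake: the server reads the cookie and believes it. The example below is added here and is not code from any product or advisory in the table. It contrasts a handler that trusts a `role` cookie as-is with one that only honours a role it issued itself, bound to an expiry and an HMAC-SHA256 tag, compared in constant time. The cookie name, the `user`/`admin` role set and the hard-coded secret are assumptions for illustration.

```python
"""CWE-565 worked example: an unsigned role cookie versus an HMAC-protected one.
Added illustration, not code from any listed CVE. Cookie name, roles and the
secret are assumptions; a real deployment loads the secret from a vault."""
import base64
import hashlib
import hmac
import time
from typing import Optional

SECRET = b"rotate-me-and-keep-out-of-source"  # assumption: example key only
ALLOWED_ROLES = ("user", "admin")              # assumption: the app's role set


def parse_cookie_header(header: str) -> dict:
    """Minimal Cookie header parser: 'a=1; b=2' -> {'a': '1', 'b': '2'}."""
    out = {}
    for part in header.split(";"):
        if "=" in part:
            key, _, value = part.strip().partition("=")
            out[key] = value
    return out


# --- vulnerable: the role is whatever the client wrote into the cookie ---
def role_vulnerable(cookie_header: str) -> str:
    """Security decision taken straight from an unauthenticated cookie value."""
    return parse_cookie_header(cookie_header).get("role", "guest")


# --- hardened: value.expiry.mac, verified before the value is used ---
def _tag(payload: bytes) -> str:
    digest = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def issue_role_cookie(role: str, ttl_s: int = 3600, now: Optional[int] = None) -> str:
    """Server-side issuance: role and expiry are covered by the MAC."""
    exp = (int(time.time()) if now is None else now) + ttl_s
    payload = f"{role}.{exp}".encode()
    return f"{payload.decode()}.{_tag(payload)}"


def role_hardened(cookie_header: str, now: Optional[int] = None) -> str:
    """Accept the role only if the tag verifies, the cookie is unexpired and
    the role is on the allow-list; everything else degrades to 'guest'."""
    token = parse_cookie_header(cookie_header).get("role")
    if token is None:
        return "guest"
    try:
        role, exp_s, tag = token.rsplit(".", 2)   # base64url never contains '.'
        exp = int(exp_s)
    except ValueError:
        return "guest"                            # malformed or unsigned
    expected = _tag(f"{role}.{exp}".encode())
    if not hmac.compare_digest(tag, expected):
        return "guest"                            # forged or tampered
    if (int(time.time()) if now is None else now) >= exp:
        return "guest"                            # expired
    if role not in ALLOWED_ROLES:
        return "guest"                            # allow-list even after MAC passes
    return role


if __name__ == "__main__":
    issued = issue_role_cookie("user", ttl_s=60, now=1000)
    forged = "role=" + issued.replace("user", "admin", 1)
    print("vulnerable sees:", role_vulnerable("session=abc; role=admin"))
    print("hardened sees  :", role_hardened(forged, now=1010))
```

Two caveats a practitioner should keep in mind. Integrity checking stops the tamper-the-cookie escalations, but not the session-theft cases in the table (CVE-2023-41084, CVE-2023-32725): a correctly signed cookie that leaks is still valid until it expires, so `Secure`, `HttpOnly`, `SameSite` and server-side revocation remain necessary. And a MAC is not encryption; anything placed in the signed value is readable by the client, so keep secrets out of it.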