Skip to main content

CWE-315

Cleartext Storage of Sensitive Information in a Cookie

5 CVEs Avg CVSS 7.9 MITRE
2
CRITICAL
2
HIGH
1
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-25818 CRITICAL Act Now

Weak encryption in HMS Networks Ewon Flexy/Cosy+ firmware.

Information Disclosure
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2024-41290 HIGH This Week

FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Flatpress
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-8644 CRITICAL Act Now

Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).0.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Valeapp
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-24768 Go HIGH PATCH This Week

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure 1panel
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-34564 MEDIUM This Month

Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Wha Gw F2D2 0 As Z2 Eth Firmware Wha Gw F2D2 0 As Z2 Eth Eip Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
EPSS 0% CVSS 9.1
CRITICAL Act Now

Weak encryption in HMS Networks Ewon Flexy/Cosy+ firmware.

Information Disclosure
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Flatpress
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).0.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Valeapp
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure 1panel
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Wha Gw F2D2 0 As Z2 Eth Firmware Wha Gw F2D2 0 As Z2 Eth Eip Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy