Skip to main content

CWE-565

Reliance on Cookies without Validation and Integrity Checking

45 CVEs Avg CVSS 8.0 MITRE
15
CRITICAL
16
HIGH
14
MEDIUM
0
LOW
12
POC
1
KEV

Monthly

CVE-2026-53871 HIGH PATCH This Week

Cross-profile authorization bypass in Hermes WebUI before 0.51.368 allows authenticated users to access sessions, files, and resources belonging to other profiles by forging the hermes_profile cookie. The flaw lives in get_profile_cookie(), which trusted attacker-supplied profile names without binding them to the authenticated session. VulnCheck reported the issue and an upstream patch is available; no public exploit identified at time of analysis.

Authentication Bypass Hermes Webui
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-0257 HIGH POC KEV PATCH THREAT Act Now

Authentication bypass in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS allows remote attackers to establish unauthorized VPN connections without valid credentials. The flaw is confirmed actively exploited (CISA KEV) and publicly available exploit code exists, though EPSS remains low at 0.05%, suggesting targeted rather than mass exploitation. Panorama and Cloud NGFW deployments are not affected, but PAN-OS firewalls and Prisma Access tenants running vulnerable trains are exposed.

Paloalto Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
7.8
EPSS
0.1%
Threat
4.6
CVE-2026-39963 PHP MEDIUM PATCH GHSA This Month

Serendipity's serendipity_setCookie() function accepts unsanitized HTTP_HOST header values as the cookie domain parameter, allowing remote attackers to scope authentication cookies (session tokens, auto-login tokens) to attacker-controlled domains and facilitate session hijacking. The vulnerability requires user interaction (victim authentication during poisoned Host header) and man-in-the-middle or reverse proxy misconfiguration to exploit, affecting all versions of Serendipity that use the vulnerable function. A proof-of-concept demonstrating cookie domain poisoning exists; exploitation probability is moderate (EPSS 6.9, CVSS AC:H reflects attack complexity), and no evidence of active exploitation has been identified.

Privilege Escalation PHP
NVD GitHub
CVSS 3.1
6.9
EPSS
0.0%
CVE-2026-5130 HIGH This Week

Unauthenticated privilege escalation in Debugger & Troubleshooter WordPress plugin (versions ≤1.3.2) allows remote attackers to gain administrator access by manipulating a cookie value. Attackers can set the wp_debug_troubleshoot_simulate_user cookie to any user ID without cryptographic validation, bypassing all authentication and authorization checks to immediately impersonate administrators. No public exploit code confirmed at time of analysis, though the attack mechanism is straightforward requiring only cookie manipulation. CVSS 8.8 with network-based attack vector and low complexity indicates significant real-world risk for unpatched installations. Vendor-released patch in version 1.4.0 implements cryptographic token validation.

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2014-125112 CRITICAL PATCH Act Now

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization RCE Plack
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2022-50926 CRITICAL POC Act Now

WAGO PFC200 G2 PLC (firmware affected) allows privilege escalation through cookie manipulation. Users can modify cookie values to gain admin privileges. PoC available.

Golang Privilege Escalation
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-65212 CRITICAL POC Act Now

NJHYST HY511 POE core (before 2.1) allows unauthenticated download of the configuration file containing usernames and self-decrypted MD5 passwords, due to insufficient cookie verification. PoC available.

Authentication Bypass Hy511 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14440 CRITICAL Act Now

Authentication bypass in JAY Login & Register plugin for WordPress versions ≤2.4.01 allows unauthenticated remote attackers to impersonate any site user, including administrators, by exploiting flawed cookie validation in the user-switching function. Attackers require only knowledge of target user IDs to gain complete account access without credentials. No public exploit identified at time of analysis.

WordPress Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-31120 MEDIUM POC PATCH This Month

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nameless
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-55211 HIGH POC This Week

An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tk Rt Wr135G Firmware
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Cross-profile authorization bypass in Hermes WebUI before 0.51.368 allows authenticated users to access sessions, files, and resources belonging to other profiles by forging the hermes_profile cookie. The flaw lives in get_profile_cookie(), which trusted attacker-supplied profile names without binding them to the authenticated session. VulnCheck reported the issue and an upstream patch is available; no public exploit identified at time of analysis.

Authentication Bypass Hermes Webui
NVD GitHub VulDB
EPSS 0% 4.6 CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Authentication bypass in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS allows remote attackers to establish unauthorized VPN connections without valid credentials. The flaw is confirmed actively exploited (CISA KEV) and publicly available exploit code exists, though EPSS remains low at 0.05%, suggesting targeted rather than mass exploitation. Panorama and Cloud NGFW deployments are not affected, but PAN-OS firewalls and Prisma Access tenants running vulnerable trains are exposed.

Paloalto Authentication Bypass
NVD VulDB GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Serendipity's serendipity_setCookie() function accepts unsanitized HTTP_HOST header values as the cookie domain parameter, allowing remote attackers to scope authentication cookies (session tokens, auto-login tokens) to attacker-controlled domains and facilitate session hijacking. The vulnerability requires user interaction (victim authentication during poisoned Host header) and man-in-the-middle or reverse proxy misconfiguration to exploit, affecting all versions of Serendipity that use the vulnerable function. A proof-of-concept demonstrating cookie domain poisoning exists; exploitation probability is moderate (EPSS 6.9, CVSS AC:H reflects attack complexity), and no evidence of active exploitation has been identified.

Privilege Escalation PHP
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Unauthenticated privilege escalation in Debugger & Troubleshooter WordPress plugin (versions ≤1.3.2) allows remote attackers to gain administrator access by manipulating a cookie value. Attackers can set the wp_debug_troubleshoot_simulate_user cookie to any user ID without cryptographic validation, bypassing all authentication and authorization checks to immediately impersonate administrators. No public exploit code confirmed at time of analysis, though the attack mechanism is straightforward requiring only cookie manipulation. CVSS 8.8 with network-based attack vector and low complexity indicates significant real-world risk for unpatched installations. Vendor-released patch in version 1.4.0 implements cryptographic token validation.

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization RCE Plack
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

WAGO PFC200 G2 PLC (firmware affected) allows privilege escalation through cookie manipulation. Users can modify cookie values to gain admin privileges. PoC available.

Golang Privilege Escalation
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

NJHYST HY511 POE core (before 2.1) allows unauthenticated download of the configuration file containing usernames and self-decrypted MD5 passwords, due to insufficient cookie verification. PoC available.

Authentication Bypass Hy511 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Authentication bypass in JAY Login & Register plugin for WordPress versions ≤2.4.01 allows unauthenticated remote attackers to impersonate any site user, including administrators, by exploiting flawed cookie validation in the user-switching function. Attackers require only knowledge of target user IDs to gain complete account access without credentials. No public exploit identified at time of analysis.

WordPress Authentication Bypass
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nameless
NVD GitHub
EPSS 0% CVSS 8.4
HIGH POC This Week

An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tk Rt Wr135G Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy