Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-565

CWE-565

Reliance on Cookies without Validation and Integrity Checking

Parent: CWE-642 - External Control of Critical State Data

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

74 vulnerabilities with CWE-565

CVE-2026-8337 MEDIUM

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys when sites are running concurrent public surveys and private surveys

CVE-2026-0257 CRITICAL KEV

PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities

CVE-2026-39963 MEDIUM

Serendipity: Host Header Injection enables authentication cookie scoping to an attacker-controlled domain

CVE-2026-39324 CRITICAL

Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

CVE-2026-5130 HIGH

Debugger & Troubleshooter <= 1.3.2 - Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation

CVE-2025-65212 CRITICAL

NJHYST HY511 POE <2.1 - Auth Bypass

CVE-2025-14440 CRITICAL

JAY Login & Register <2.4.01 - Auth Bypass

CVE-2025-64447 HIGH

FortiWeb 7.0.0-7.0.11, 7.2.0-7.2.11, 7.4.0-7.4.10, 7.6.0-7.6.5, 8.0.0-8.0.1 - Arbitrary Operations via Forged Cookies

CVE-2025-48980 MEDIUM

Brave Browser Desktop <1.83.10 - Info Disclosure

CVE-2025-59247 HIGH

Azure PlayFab - Improper Privilege Management

CVE-2025-31120 MEDIUM

NamelessMC <2.1.4 - Info Disclosure

CVE-2025-2395 CRITICAL

U-Office Force < 28.0 - Unauthenticated Authentication Bypass via Cookie Manipulation

CVE-2024-55211 HIGH

Think Router Tk-Rt-Wr135G V3.0.2-X000 - Auth Bypass

CVE-2024-9970 HIGH

NewType FlowMaster BPM Plus - Privilege Escalation

CVE-2024-9820 MEDIUM

WP 2FA with Telegram <= 3.0 - Two-Factor Authentication Bypass via Cookie Storage

CVE-2024-21583 MEDIUM

github.com/gitpod-io/gitpod - Info Disclosure

CVE-2024-39734 MEDIUM

IBM Datacap Navigator <9.1.10 - Open Redirect

CVE-2024-0947 CRITICAL

Elektraweb <v17.0.68 - Session Credential Falsification

CVE-2024-22186 HIGH

Electrolink Compact DAB Transmitter - Privilege Escalation via Cookie Poisoning

CVE-2024-21872 HIGH

Electrolink Compact Transmitters - Authentication Bypass

CVE-2024-28288 CRITICAL

Ruijie RG-NBR700GW <10.3(4b12) - Auth Bypass

CVE-2024-28233 HIGH

JupyterHub < 4.1.0 - Cross-Site Scripting via Malicious Subdomain

CVE-2024-1551 MEDIUM

Firefox <123, Firefox ESR <115.8, Thunderbird <115.8 - XSS

CVE-2023-32725 CRITICAL

Zabbix Server and Frontend 6.0.0-6.0.20 - Session Hijacking via URL Widget Cookie Exposure

CVE-2023-45141 HIGH

Fiber < 2.50.0 - Cross-Site Request Forgery via Improper Token Validation

Page 1 of 3 Next

Details

Vulnerabilities 74

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy