Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-565

CWE-565

Reliance on Cookies without Validation and Integrity Checking

Parent: CWE-642 - External Control of Critical State Data

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

74 vulnerabilities with CWE-565

CVE-2023-45128 CRITICAL

Fiber < 2.50.0 - Cross-Site Request Forgery via Improper CSRF Token Validation

CVE-2023-41084 CRITICAL

Web App <version> - Info Disclosure

CVE-2023-3747 MEDIUM

Cloudflare WARP - Client-Side Enforcement Bypass via Local Date Manipulation

CVE-2023-32612 HIGH

WL-WN531AX2 <2023526 - Command Injection

CVE-2023-35885 CRITICAL

CloudPanel 2.0.0-2.3.0 - Unauthenticated Remote Code Execution via File Manager Cookie

CVE-2023-3050 CRITICAL

TMT Lockcell Firmware < 15.0 - Authentication Bypass via Unvalidated Cookie

CVE-2022-50926 CRITICAL

WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation

CVE-2022-3083 LOW

Landis+Gyr E850 (ZMQ200) - Info Disclosure

CVE-2022-38297 CRITICAL

UCMS v1.6.0 - Authentication Bypass via Cookie Poisoning

CVE-2022-36032 MEDIUM

ReactPHP HTTP 0.7.0-1.7.0 - Cookie Prefix Spoofing via URL Decoding

CVE-2022-2615 MEDIUM

Google Chrome <104.0.5112.79 - CSRF

CVE-2022-35284 HIGH

IBM Security Verify Information Queue 10.0.2 - Info Disclosure

CVE-2022-30620 HIGH

Cellinx Camera - Privilege Escalation

CVE-2022-29248 HIGH

Guzzle < 6.5.6 - Cookie Domain Validation Bypass

CVE-2022-22785 MEDIUM

Zoom Meetings < 5.10.0 - Session Cookie Spoofing via Improper Domain Validation

CVE-2022-28113 HIGH

FANTEC GmbH MWiD25-DS Firmware <2.000.030 - RCE

CVE-2022-1148 MEDIUM

GitLab CE/EE <14.7.7-14.9.2 - Info Disclosure

CVE-2021-47706 HIGH

COMMAX Biometric Access Control System 1.0.0 - Auth Bypass

CVE-2021-20450 MEDIUM

IBM Cognos Controller <11.0.0 - Open Redirect

CVE-2021-36338 MEDIUM

Unisphere for PowerMax <9.2.2.2 - Privilege Escalation

CVE-2021-41819 HIGH

Ruby CGI < 2.6.8 and CGI Gem < 0.3.1 - Cookie Security Prefix Bypass

CVE-2021-41263 HIGH

rails_multisite <4 - Info Disclosure

CVE-2021-3818 MEDIUM

Grav < 1.7.22 - Reliance on Cookies without Validation and Integrity Checking

CVE-2021-33842 HIGH

Circutor SGE-PLC1000 <0.9.2b - Auth Bypass

CVE-2021-29624 MEDIUM

fastify-csrf < 3.1.0 - Cross-Site Request Forgery Protection Bypass via Subdomain Cookie Handling

Previous Page 2 of 3 Next

Details

Vulnerabilities 74

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy