Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-7266

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-02 Jul, 2019 | 16:46
Updated At-04 Aug, 2024 | 20:46
Rejected At-
Credits

Linear eMerge 50P/5000P devices allow Authentication Bypass.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:02 Jul, 2019 | 16:46
Updated At:04 Aug, 2024 | 20:46
Rejected At:
▼CVE Numbering Authority (CNA)

Linear eMerge 50P/5000P devices allow Authentication Bypass.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://applied-risk.com/labs/advisories
x_refsource_MISC
https://www.applied-risk.com/resources/ar-2019-006
x_refsource_MISC
http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html
x_refsource_MISC
https://www.us-cert.gov/ics/advisories/icsa-20-184-01
x_refsource_MISC
Hyperlink: https://applied-risk.com/labs/advisories
Resource:
x_refsource_MISC
Hyperlink: https://www.applied-risk.com/resources/ar-2019-006
Resource:
x_refsource_MISC
Hyperlink: http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html
Resource:
x_refsource_MISC
Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-20-184-01
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://applied-risk.com/labs/advisories
x_refsource_MISC
x_transferred
https://www.applied-risk.com/resources/ar-2019-006
x_refsource_MISC
x_transferred
http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html
x_refsource_MISC
x_transferred
https://www.us-cert.gov/ics/advisories/icsa-20-184-01
x_refsource_MISC
x_transferred
Hyperlink: https://applied-risk.com/labs/advisories
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.applied-risk.com/resources/ar-2019-006
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-20-184-01
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:02 Jul, 2019 | 17:15
Updated At:13 Oct, 2022 | 19:46

Linear eMerge 50P/5000P devices allow Authentication Bypass.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
nortekcontrol
nortekcontrol
>>linear_emerge_50p_firmware>>Versions up to 4.6.07(inclusive)
cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*
nortekcontrol
nortekcontrol
>>linear_emerge_50p>>-
cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*
nortekcontrol
nortekcontrol
>>linear_emerge_5000p_firmware>>Versions up to 4.6.07(inclusive)
cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*
nortekcontrol
nortekcontrol
>>linear_emerge_5000p>>-
cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-565Primarynvd@nist.gov
CWE ID: CWE-565
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.htmlcve@mitre.org
Third Party Advisory
VDB Entry
https://applied-risk.com/labs/advisoriescve@mitre.org
Broken Link
Not Applicable
Third Party Advisory
https://www.applied-risk.com/resources/ar-2019-006cve@mitre.org
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-184-01cve@mitre.org
Third Party Advisory
US Government Resource
Hyperlink: http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://applied-risk.com/labs/advisories
Source: cve@mitre.org
Resource:
Broken Link
Not Applicable
Third Party Advisory
Hyperlink: https://www.applied-risk.com/resources/ar-2019-006
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-20-184-01
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

24Records found
CVE-2019-7257
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-37.71% / 97.09%
||
7 Day CHG~0.00%
Published-02 Jul, 2019 | 18:16
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linear eMerge E3-Series devices allow Unrestricted File Upload.

Action-Not Available
Vendor-nortekcontroln/a
Product-linear_emerge_essential_firmwarelinear_emerge_elitelinear_emerge_elite_firmwarelinear_emerge_essentialn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-7264
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.66%
||
7 Day CHG~0.00%
Published-02 Jul, 2019 | 16:58
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform.

Action-Not Available
Vendor-nortekcontroln/a
Product-linear_emerge_essential_firmwarelinear_emerge_elitelinear_emerge_elite_firmwarelinear_emerge_essentialn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7269
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-19.80% / 95.29%
||
7 Day CHG~0.00%
Published-02 Jul, 2019 | 16:40
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.

Action-Not Available
Vendor-nortekcontroln/a
Product-linear_emerge_50p_firmwarelinear_emerge_50plinear_emerge_5000p_firmwarelinear_emerge_5000pn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-7256
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.25% / 99.92%
||
7 Day CHG-0.16%
Published-02 Jul, 2019 | 00:00
Updated-06 Nov, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-04-15||Contact the vendor for guidance on remediating firmware, per their advisory.

Linear eMerge E3-Series devices allow Command Injections.

Action-Not Available
Vendor-nortekcontroln/anortekcontrolNice
Product-linear_emerge_elitelinear_emerge_essentiallinear_emerge_elite_firmwarelinear_emerge_essential_firmwaren/alinear_emerge_essential_firmwarelinear_emerge_elite_firmwareLinear eMerge E3-Series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-7261
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.55%
||
7 Day CHG~0.00%
Published-02 Jul, 2019 | 17:03
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linear eMerge E3-Series devices have Hard-coded Credentials.

Action-Not Available
Vendor-nortekcontroln/a
Product-linear_emerge_essential_firmwarelinear_emerge_elitelinear_emerge_elite_firmwarelinear_emerge_essentialn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-7253
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.90% / 75.19%
||
7 Day CHG~0.00%
Published-02 Jul, 2019 | 18:53
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linear eMerge E3-Series devices allow Directory Traversal.

Action-Not Available
Vendor-nortekcontroln/a
Product-linear_emerge_essential_firmwarelinear_emerge_elitelinear_emerge_elite_firmwarelinear_emerge_essentialn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-31499
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-92.51% / 99.73%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 22:09
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.

Action-Not Available
Vendor-nortekcontroln/a
Product-emerge_e3_firmwareemerge_e3n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-7267
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.66% / 81.72%
||
7 Day CHG~0.00%
Published-02 Jul, 2019 | 16:45
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linear eMerge 50P/5000P devices allow Cookie Path Traversal.

Action-Not Available
Vendor-nortekcontroln/a
Product-linear_emerge_50p_firmwarelinear_emerge_50plinear_emerge_5000p_firmwarelinear_emerge_5000pn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7265
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-42.22% / 97.35%
||
7 Day CHG~0.00%
Published-02 Jul, 2019 | 16:49
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).

Action-Not Available
Vendor-nortekcontroln/a
Product-linear_emerge_essential_firmwarelinear_emerge_elitelinear_emerge_elite_firmwarelinear_emerge_essentialn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-9441
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-9.8||CRITICAL
EPSS-54.04% / 97.94%
||
7 Day CHG~0.00%
Published-02 Oct, 2024 | 18:50
Updated-04 Oct, 2024 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linear eMerge e3-Series Forgot Password Command Injection

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.

Action-Not Available
Vendor-Linearnortekcontrol
Product-eMerge e3-Seriesemerge_e3_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-50926
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.10% / 28.25%
||
7 Day CHG+0.01%
Published-13 Jan, 2026 | 22:51
Updated-14 Jan, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation

WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication.

Action-Not Available
Vendor-Wago
Product-WAGO 750-8212 PFC200
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2022-38297
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.47%
||
7 Day CHG~0.00%
Published-12 Sep, 2022 | 22:10
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.

Action-Not Available
Vendor-ucms_projectn/a
Product-ucmsn/a
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2024-28288
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 23.45%
||
7 Day CHG~0.00%
Published-30 Mar, 2024 | 00:00
Updated-30 Jun, 2025 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-nbr700gwrg-nbr700gw_firmwaren/arg-nbr700gw_firmware
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2025-65212
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 17.89%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 00:00
Updated-29 Jan, 2026 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the device management backend. By reading the corresponding username and self-decrypted MD5 password in the core configuration file, the attacker can directly log in to the backend, thereby bypassing the front-end backend login page.

Action-Not Available
Vendor-njhystn/a
Product-hy511hy511_firmwaren/a
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2018-5455
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 63.02%
||
7 Day CHG~0.00%
Published-05 Mar, 2018 | 17:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-oncell_g3150-hspa_firmwareoncell_g3110-hspa-toncell_g3150-hspa-toncell_g3110-hspa-t_firmwareoncell_g3110-hspaoncell_g3150-hspa-t_firmwareoncell_g3150-hspaoncell_g3110-hspa_firmwareMoxa OnCell G3100-HSPA Series
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CWE ID-CWE-287
Improper Authentication
CVE-2025-59247
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 43.94%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 21:04
Updated-13 Feb, 2026 | 23:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure PlayFab Elevation of Privilege Vulnerability

Azure PlayFab Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_playfabAzure PlayFab
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2021-28171
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.49%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 11:20
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vangene deltaFlow E-platform - Broken Authentication

The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.

Action-Not Available
Vendor-deltaflow_projectVangene
Product-deltaflowdeltaFlow E-platform
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2024-0947
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.76%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 09:27
Updated-01 Aug, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cookies Manipulation in Talya Informatics' Elektraweb

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb: before v17.0.68.

Action-Not Available
Vendor-Talya Informaticstalya_informatics
Product-Elektrawebelektraweb
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2008-5784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.00% / 89.46%
||
7 Day CHG~0.00%
Published-31 Dec, 2008 | 11:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

Action-Not Available
Vendor-v3chatn/a
Product-v3_chat_profiles_dating_scriptn/a
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2025-2395
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 66.03%
||
7 Day CHG~0.00%
Published-17 Mar, 2025 | 05:51
Updated-18 Nov, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
e-Excellence U-Office Force - Improper Authentication

The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.

Action-Not Available
Vendor-edetwe-Excellence
Product-u-office_forceU-Office Force
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2025-14440
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.54%
||
7 Day CHG~0.00%
Published-13 Dec, 2025 | 04:31
Updated-15 Dec, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JAY Login & Register <= 2.4.01 - Authentication Bypass via Cookie

The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the 'jay_login_register_process_switch_back' function with the 'jay_login_register_process_switch_back' cookie value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

Action-Not Available
Vendor-jayarsiech
Product-JAY Login & Register
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2023-41084
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.07% / 21.99%
||
7 Day CHG~0.00%
Published-18 Sep, 2023 | 19:56
Updated-02 Aug, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Socomec MOD3GP-SY-120K Reliance on Cookies without Validation and Integrity Checking

Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.

Action-Not Available
Vendor-socomecSocomecsocomec
Product-modulys_gpmodulys_gp_firmwareMODULYS GP (MOD3GP-SY-120K)modulys_gp_firmware
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2023-35885
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.12% / 99.91%
||
7 Day CHG~0.00%
Published-20 Jun, 2023 | 00:00
Updated-09 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.

Action-Not Available
Vendor-mgt-commercen/a
Product-cloudpaneln/a
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2023-3050
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 9.04%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 11:50
Updated-03 Jan, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass in TMT's Lockcell

Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.

Action-Not Available
Vendor-tmtmakineTMT
Product-lockcell_firmwarelockcellLockcell
CWE ID-CWE-784
Reliance on Cookies without Validation and Integrity Checking in a Security Decision
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
Details not found