CVEs classified under CWE-539, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2025-27673 — CVSS 9.1 (critical): Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body…
CVE-2024-39275 — CVSS 8.0 (high): Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a…
CVE-2023-30861 — CVSS 7.5 (high): Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended…
CVE-2026-35192 — CVSS 6.5 (medium): An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified…
CVE-2021-27463 — CVSS 5.3 (medium): A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize…
CVE-2026-24318 — CVSS 4.2 (medium): Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker…
CVE-2025-52633 — CVSS 3.1 (low): HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in…