CWE-784
5 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-784
- CVE-2020-8184 | HIGH | CVSS 7.5 | EG 7.5 | 2020-06-19
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.
- CVE-2022-3083 | LOW | CVSS 3.9 | EG 5.4 | 2023-02-01
All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could becom…
- CVE-2023-3050 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-06-13
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. This issue affects Lockcell: before 15.
- CVE-2024-9820 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-10-15
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-facto…
- CVE-2026-45055 | HIGH | CVSS 8.1 | EG 8.1 | 2026-05-13
CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded verbatim into transactional email link…