CWE-565

Total CVEs: 18
Critical: 8
High: 7
Avg CVSS: 8.5

Yearly Trend

2026: 2
2025: 6
2024: 4
2023: 3
2022: 3

Top Affected Vendors

1. Suse: 1
2. Newtype: 1
3. Cellinx: 1
4. Fortinet: 1
5. Fedoraproject: 1
6. Ibm: 1
7. Redhat: 1
8. Njhyst: 1
9. Zabbix: 1
10. Debian: 1

All CWE-565 CVEs (18)

CVE-2023-41084
CVSS: 10.0
This vulnerability involves improper session management in a web application that allows attackers to steal session cookies. Attackers can then perfor...
Sep 18, 2023

CVE-2022-50926
CVSS: 9.8
This vulnerability in WAGO 750-8212 PFC200 G2 2ETH RS firmware allows attackers to escalate privileges by manipulating session cookies. Attackers can ...
Jan 13, 2026

CVE-2025-65212
CVSS: 9.8
This vulnerability allows unauthenticated attackers to download the core configuration file from NJHYST HY511 POE devices, extract MD5-hashed password...
Jan 6, 2026

CVE-2025-14440
CVSS: 9.8
The JAY Login & Register WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing u...
Dec 13, 2025

CVE-2025-2395
CVSS: 9.8
U-Office Force from e-Excellence has an improper authentication vulnerability that allows unauthenticated remote attackers to manipulate cookies and u...
Mar 17, 2025

CVE-2024-0947
CVSS: 9.8
This vulnerability in Talya Informatics Elektraweb allows attackers to manipulate session cookies to impersonate legitimate users or escalate privileg...
Jun 27, 2024

CVE-2024-28288
CVSS: 9.8
The Ruijie RG-NBR700GW router version 10.3(4b12) lacks proper cookie verification during password reset, allowing attackers to reset the administrator...
Mar 30, 2024

CVE-2023-32725
CVSS: 9.6
This vulnerability in Zabbix allows session cookie leakage through URL widgets. When testing or executing scheduled reports, the configured website re...
Dec 18, 2023

CVE-2024-9970
CVSS: 8.8
The FlowMaster BPM Plus system has a privilege escalation vulnerability where remote attackers with regular user privileges can manipulate a specific ...
Oct 15, 2024

CVE-2022-30620
CVSS: 8.2
This vulnerability allows attackers with web access to Cellinx cameras to elevate privileges from guest (1) to administrator (0) by manipulating cooki...
Jul 18, 2022

CVE-2025-64447
CVSS: 8.1
This vulnerability allows unauthenticated attackers to execute arbitrary operations on FortiWeb web application firewalls by sending crafted HTTP/HTTP...
Dec 9, 2025

CVE-2024-21872
CVSS: 7.5
This vulnerability allows unauthenticated attackers to bypass authentication by manipulating cookies, gaining access to hidden administrative pages an...
Apr 18, 2024

CVE-2022-35284
CVSS: 7.5
IBM Security Verify Information Queue 10.0.2 has a missing or insecure SameSite attribute on sensitive cookies, allowing attackers to potentially stea...
Jul 25, 2022

CVE-2021-41819
CVSS: 7.5
This vulnerability in Ruby's CGI::Cookie.parse function mishandles security prefixes in cookie names, allowing attackers to bypass cookie security mec...
Jan 1, 2022

CVE-2023-32612
CVSS: 7.2
This vulnerability allows attackers with administrative access to execute arbitrary operating system commands with root privileges on affected WavLink...
Jun 30, 2023

CVE-2025-48980
CVSS: 6.5
This vulnerability in Brave Browser Desktop allows SameSite=Strict cookies to be sent during cross-site navigations when using the 'Open Link in Split...
Oct 31, 2025

CVE-2025-31120
CVSS: 5.3
This vulnerability allows unauthenticated attackers to artificially inflate forum view counts in NamelessMC. The insecure mechanism relies on client-s...
Apr 18, 2025

CVE-2021-47706
CVSS: N/A
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to forge cookies an...
Dec 9, 2025

About CWE-565

Our database tracks 18 CVEs classified as CWE-565, with 8 rated critical and 7 rated high severity. The average CVSS score for CWE-565 vulnerabilities is 8.5.
