The vulnerability allows a remote malicious user to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. Note, the vulnerability exists due to incomplete fix for #VU67756 (CVE-2022-31629). (CVE-2024-2756) The vulnerability allows a remote malicious user to bypass authentication process. The vulnerability exists due to an error in within the password_verify() function, which can erroneously return true. A remote attacker can bypass implemented authentication based on the vulnerable function and gain unauthorized access to the web application. (CVE-2024-3096)