Lucene search

142 matches found

Circl
added 2 days ago | 3 views

CVE-2026-4035

creationtimestamp | type | source
---|---|---
2026-06-03 11:39:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnezkx6wpd2d
2026-06-04 05:02:33+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mngtttwgfg25...

CVSS 9.1 | AI score 7.3 | EPSS 0.00278
Exploits: 1 | References: 2
EUVD
added 2026/01/22 4:51 p.m. | 1 views

EUVD-2026-4035

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS. This issue affects Grand Tour: from n/a through 5.6.2...

AI score 5.4 | EPSS 0.00064
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2007-4184

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.02769
Exploits: 0 | References: 5
Tenable Nessus
added 2025/07/01 12:0 a.m. | 2 views

Oracle Linux 10 : libsoup3 (ELSA-2025-7505)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7505 advisory. - Fix CVE-2025-4035, CVE-2025-4948, CVE-2025-32049, CVE-2025-32907 Tenable has extracted the preceding description block directly from the Oracle Linu...

CVSS 7.5 | AI score 6.5 | EPSS 0.00986
Exploits: 1 | References: 7
Tenable Nessus
added 2025/06/27 12:0 a.m. | 2 views

Oracle Linux 10 : libsoup3 (ELSA-2025-8128)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-8128 advisory. - Fix CVE-2025-4035, CVE-2025-4948, CVE-2025-32049, CVE-2025-32907 Tenable has extracted the preceding description block directly from the Oracle Linu...

CVSS 7.5 | AI score 6.4 | EPSS 0.00986
Exploits: 0 | References: 5
OSV
added 2025/05/26 12:0 a.m. | 9 views

ALSA-2025:8128 Important: libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

CVSS 7.5 | AI score 9.5 | EPSS 0.00986
Exploits: 0 | References: 10
OSV
added 2025/04/29 1:15 p.m. | 4 views

CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

CVSS 4.3 | AI score 6.6 | EPSS 0.00193
Exploits: 0 | References: 3
UbuntuCve
added 2025/04/29 1:15 p.m. | 4 views

CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

CVSS 4.3 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 2
Circl
added 2025/04/29 1:12 p.m. | 0 views

CVE-2025-4035

creationtimestamp | type | source
---|---|---
2025-04-29 13:12:17+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13805
2025-04-29 16:49:58+00:00 | seen | https://t.me/cvedetector/24012...

CVSS 4.3 | AI score 4.6 | EPSS 0.00193
Exploits: 0 | References: 2
CVE
added 2025/04/29 12:56 p.m. | 108 views

CVE-2025-4035

Libsoup3 is affected by CVE-2025-4035: a cookie-domain validation bypass occurs when handling cookies where the domain contains at least two components and includes an uppercase character, allowing cookies to be set for public suffix domains a site does not own. The vulnerability is described acr...

CVSS 4.3 | AI score 4.5 | EPSS 0.00193
Exploits: 0 | References: 3
Circl
added 2025/04/15 3:54 p.m. | 1 views

RHSA-2024:4035

creationtimestamp | type | source
---|---|---
2025-04-15 15:54:53+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/11857...

AI score 4.8
Exploits: 0 | References: 1
Tenable Nessus
added 2025/03/04 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2015-4035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execut...

CVSS 7.8 | AI score 7.9 | EPSS 0.00612
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/05 8:16 p.m. | 6 views

CVE-2022-4035

The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for...

CVSS 7.2 | AI score 7.1 | EPSS 0.02567
Exploits: 1 | References: 1
OpenVAS
added 2024/11/21 12:0 a.m. | 8 views

openSUSE Security Advisory (SUSE-SU-2024:4035-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 7.7 | EPSS 0.00127
Exploits: 0 | References: 4
Tenable Nessus
added 2024/09/24 12:0 a.m. | 45 views

EulerOS 2.0 SP8 : bind (EulerOS-SA-2024-2456)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CPU...

CVSS 7.5 | AI score 6.9 | EPSS 0.43701
Exploits: 1 | References: 3
Tenable Nessus
added 2024/09/24 12:0 a.m. | 26 views

EulerOS 2.0 SP8 : dnsmasq (EulerOS-SA-2024-2461)

According to the versions of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CP...

CVSS 7.5 | AI score 6.9 | EPSS 0.43701
Exploits: 1 | References: 3
Tenable Nessus
added 2024/09/03 12:0 a.m. | 26 views

EulerOS Virtualization 2.12.1 : systemd (EulerOS-SA-2024-2318)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cau...

CVSS 7.5 | AI score 6.9 | EPSS 0.43701
Exploits: 1 | References: 3
Tenable Nessus
added 2024/09/03 12:0 a.m. | 29 views

EulerOS Virtualization 2.12.0 : systemd (EulerOS-SA-2024-2338)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cau...

CVSS 7.5 | AI score 6.9 | EPSS 0.43701
Exploits: 1 | References: 3
Tenable Nessus
added 2024/08/20 12:0 a.m. | 37 views

EulerOS 2.0 SP12 : systemd (EulerOS-SA-2024-2252)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of...

CVSS 7.5 | AI score 6.9 | EPSS 0.43701
Exploits: 1 | References: 3
Tenable Nessus
added 2024/08/20 12:0 a.m. | 27 views

EulerOS 2.0 SP12 : systemd (EulerOS-SA-2024-2228)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of...

CVSS 7.5 | AI score 6.9 | EPSS 0.43701
Exploits: 1 | References: 3