Lucene search
+L

377 matches found

OSV
OSV
added 4 days ago3 views

SUSE-SU-2026:2976-1 Security update for afterburn

This update for afterburn fixes the following issues Update to version 5.10.0.git73.b97f772. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270175. - CVE-2026-41677: openssl: out-of-bounds read in PEM password...

9.3CVSS6.2AI score0.00559EPSS
Exploits1References19
OSV
OSV
added 2026/07/04 6:38 a.m.11 views

MGASA-2026-0234 Updated yt-dlp packages fix security vulnerabilities

CVE-2026-50019 If curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. CVE-2026-50023 A vulnerability exists in yt-dlp that allows a remote attacker to write...

9.6CVSS6.5AI score0.00555EPSS
Exploits1References5
Mageia
Mageia
added 2026/07/04 6:38 a.m.13 views

Updated yt-dlp packages fix security vulnerabilities

CVE-2026-50019 If curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. CVE-2026-50023 A vulnerability exists in yt-dlp that allows a remote attacker to write...

9.6CVSS6.6AI score0.00555EPSS
Exploits1References4
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS6AI score0.00649EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/07/02 9:42 a.m.16 views

CVE-2026-9595

A flaw was found in webpack-dev-server. When a user configures a proxy with a broad context, such as '/', and enables WebSocket ws: true forwarding, the development server's own Hot Module Replacement HMR WebSocket can be intercepted. This interception leads to the leakage of the browser's cookie...

7.1CVSS5.7AI score0.00163EPSS
Exploits0References8
CVE
CVE
added 2026/06/26 1:11 a.m.12 views

CVE-2026-50744

Revive Adserver 6.0.7 is affected by a bypass of the admin‑only restriction in the XML‑RPC API. The ox.login method returned a session ID cookie in HTTP headers and, although it reported an error, the session was not invalidated, allowing a leaked session ID to be reused for subsequent API calls ...

4.3CVSS5.9AI score0.00173EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.27 views

Linux Distros Unpatched Vulnerability : CVE-2026-9595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and...

5.3CVSS6AI score0.00163EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-50019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked t...

7.4CVSS5.8AI score0.00268EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 5:43 p.m.52 views

CVE-2026-54157

CVE-2026-54157 describes an unauthenticated SSRF in LobeHub’s web API proxy. Prior to version 2.1.57, POST /webapi/proxy accepts a URL in the body and fetches it server-side without authentication, enabling arbitrary outbound requests, leakage of internal deployment details, and reflection of Set...

9CVSS6.1AI score0.0178EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 5:43 p.m.40 views

CVE-2026-54157 LobeHub: Unauthenticated SSRF in `/webapi/proxy`

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. An attacker can use this to make...

9CVSS0.0178EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 5:43 p.m.4 views

CVE-2026-54157 LobeHub: Unauthenticated SSRF in `/webapi/proxy`

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. An attacker can use this to make...

9CVSS6.1AI score0.0178EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 5:17 p.m.6 views

DEBIAN-CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

7.4CVSS5.8AI score0.00268EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/23 4:13 p.m.6 views

CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

7.4CVSS5.8AI score0.00268EPSS
Exploits0
EUVD
EUVD
added 2026/06/23 4:13 p.m.11 views

EUVD-2026-38497

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

6.1CVSS5.8AI score0.00268EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 4:13 p.m.2 views

CVE-2026-50019 yt-dlp: File Downloader cookie leak with curl

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

6.1CVSS5.9AI score0.00268EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 6:16 p.m.7 views

DEBIAN-CVE-2026-50169

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

6.1CVSS5.8AI score0.00165EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 3:41 p.m.5 views

CVE-2026-50169 Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

5.7CVSS5.9AI score0.00165EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 6:13 p.m.9 views

GHSA-MX8G-39Q3-5C79 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies

Impact When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS5.4AI score0.00163EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/16 8:16 p.m.10 views

Reliance on Cookies without Validation and Integrity Checking

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Reliance on Cookies without Validation and Integrity Checking via curl. An attacker can obtain sensitive cookie information by crafting a malicious website that embeds ...

7.4CVSS5.9AI score0.00268EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 11:53 a.m.21 views

CVE-2026-53900

CVE-2026-53900 concerns Firefox for iOS. The issue: cookies set on the initial PDF request were preserved across cross-origin HTTP redirects in TemporaryDocument, enabling a malicious site to inject cookies into requests to an unrelated target domain. The CVE has a base score of 4.3 (Medium) per ...

4.3CVSS5.5AI score0.001EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder