Lucene search
K

9078 matches found

RedHat Linux
RedHat Linux
added yesterday3 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS6AI score0.00189EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday3 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS6AI score0.00189EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday3 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS6AI score0.00189EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday32 views

Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure

Export WP Page to Static HTML & PDF WordPress plugin = 4.3.4 contains a sensitive information exposure caused by publicly exposed cookies.txt files with authentication cookies, letting unauthenticated attackers access sensitive authentication data, exploit requires site administrator to trigger...

9.8CVSS6AI score0.01954EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday123 views

Proxmox - CRLF Injection

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...

7.1CVSS7AI score0.0138EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday48 views

Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...

7.5CVSS7AI score0.04691EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added yesterday3 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS6AI score0.00189EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

libcurl 7.46.0 < 8.21.0 Super Cookie PSL Bypass (CVE-2026-8924)

The version of libcurl installed on the remote host is 7.46.0 prior to 8.21.0. It is, therefore, affected by a cookie injection vulnerability: - A flaw in curl's cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an...

9.1CVSS6.1AI score0.00649EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 5 days ago6 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS5.9AI score0.00189EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in client-cookies-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12870ae203f2612ab2bf9e796583acba17914cd4699909156f86c643fcf51f24 package.json declares postinstall=node index.js, which runs automatically on npm install. index.js collects host identifiers via os.hostname,...

6.4AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago5 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS5.9AI score0.00189EPSS
Exploits0References6
NVD
NVD
added 5 days ago7 views

CVE-2026-11875

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner identified by email address to read, reply to, and close that person's support tickets...

5.3CVSS0.00193EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 5 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-59883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP- address or bare-numeric Domain values to the exact ho...

6.1CVSS6.1AI score0.00115EPSS
Exploits0References3
CVE
CVE
added 6 days ago11 views

CVE-2026-5923

CVE-2026-5923 affects Poly Voice IP phones’ WebUI. A stolen cookie may enable CSRF to modify the WebUI contents. Impact: integrity and availability High; confidentiality Low. Exploitation status and fixes are not detailed in the provided documents; no patch/version info is given.

6CVSS5.9AI score0.00139EPSS
Exploits0References1
NVD
NVD
added 6 days ago7 views

CVE-2026-59883

Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain applied ordinary suffix matching to domains such as 192.168.0.1, ::1, or 1, allowing...

6.1CVSS0.00115EPSS
Exploits0References4
Amazon
Amazon
added 6 days ago5 views

Important: thunderbird

Issue Overview: Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. CVE-2026-12289 Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firef...

9.6CVSS6.9AI score0.00476EPSS
Exploits0
Debian CVE
Debian CVE
added last week5 views

CVE-2026-48588

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

5.3CVSS6AI score0.00375EPSS
Exploits0
Snyk
Snyk
added last week5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET /api/oauth/email/bind and GET /api/oauth/wechat/bind endpoints. An attacker can alter account binding state by tricking a logged-in user into visiting a crafted link, potentially allowing the...

6CVSS5.9AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added last week5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET /api/oauth/email/bind and GET /api/oauth/wechat/bind endpoints. An attacker can alter account binding state by tricking a logged-in user into visiting a crafted link, potentially allowing the...

6CVSS5.9AI score0.00187EPSS
Exploits0References2
OSV
OSV
added last week5 views

PYSEC-2026-2004 vantage6's CORS settings overly permissive

Impact The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies Patches No Workarounds No...

4.2CVSS5.9AI score0.00311EPSS
Exploits0References6
Rows per page
Query Builder