Lucene search
K

9011 matches found

CVE
CVE
added 2026/06/22 4:32 p.m.36 views

CVE-2026-54279

CVE-2026-54279 affects the aiohttp library (Python asyncio framework). Prior to version 3.14.1, host-only cookies saved with CookieJar.save() and later restored with CookieJar.load() may lose their host-only status, effectively becoming domain cookies. The issue is fixed in aiohttp 3.14.1. Affect...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 4:32 p.m.32 views

CVE-2026-54279 AIOHTTP: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...

5.3CVSS0.00279EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 3:32 p.m.33 views

CVE-2026-54264 Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS0.00226EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/22 4:36 a.m.7 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS5.8AI score0.00189EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 4:5 a.m.5 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS5.8AI score0.00189EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 3:17 a.m.5 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS5.8AI score0.00189EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54279

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then...

7.5CVSS5.9AI score0.00279EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.6 views

PT-2026-51445

Name of the Vulnerable Software and Affected Versions MotionEye affected versions not specified Description An authentication bypass occurs because the application improperly trusts client-controlled cookies. The server accepts the cookies meye username and meye password hash as sufficient...

9.1CVSS5.8AI score
Exploits0References7
EUVD
EUVD
added 2026/06/20 6:27 p.m.8 views

EUVD-2026-38134

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...

6.1CVSS5.7AI score0.00167EPSS
Exploits0References2
NVD
NVD
added 2026/06/20 4:17 p.m.11 views

CVE-2025-71331

Flowise before 3.0.8 contains a cross-site scripting XSS vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload e.g., in a chat box, or by having a custom agent function return an X...

6.1CVSS0.00222EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.7 views

EUVD-2025-210289

Flowise before 3.0.8 contains a cross-site scripting XSS vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload e.g., in a chat box, or by having a custom agent function return an X...

6.1CVSS5.7AI score0.00222EPSS
Exploits1References2
NVD
NVD
added 2026/06/20 2:16 p.m.11 views

CVE-2020-37255

WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWPJSONPREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies...

8.7CVSS0.00398EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/20 1:36 p.m.8 views

CVE-2020-37255

WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWPJSONPREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies...

8.7CVSS5.9AI score0.00398EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/20 1:36 p.m.8 views

EUVD-2019-20199

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

9.8CVSS5.9AI score0.00428EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/20 1:36 p.m.6 views

CVE-2019-25763

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

9.8CVSS5.9AI score0.00428EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 9:17 p.m.5 views

GHSA-7HW8-6Q6R-4276 Langflow: Logout button does not clear session

Summary The logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. Details Not in auto login mode. Hosted on localhost. accesstokenlf remains present in both Local Storage and Cookies. refreshtokenlf remains present in Cookies. Root...

6.1CVSS5.9AI score0.00152EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/06/19 9:17 p.m.9 views

Langflow: Logout button does not clear session

Summary The logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. Details Not in auto login mode. Hosted on localhost. accesstokenlf remains present in both Local Storage and Cookies. refreshtokenlf remains present in Cookies. Root...

6.1CVSS5.9AI score0.00152EPSS
Exploits1References4Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with the expected state of the cookie jar. This could result in requests being sent with some cookies missing. This vulnerability affects Firefox 116, Firefox ESR...

7.5CVSS6.7AI score0.00614EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Requests initiated through the reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

6.1CVSS6.7AI score0.00644EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When a ServiceWorker intercepted a request using FetchEvent, the origin of the request was lost after the ServiceWorker took control of it. This caused the SameSite cookie protections to be negated. This issue was addressed in the specifications, and later in browsers. This vulnerability affects...

6.5CVSS6.8AI score0.00744EPSS
Exploits0References2
Rows per page
Query Builder