Lucene search
K

17 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.5 views

NewStart CGSL MAIN 6.06 (SP) : curl Vulnerability (NS-SA-2026-0032)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has curl packages installed that are affected by a vulnerability: - This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows ...

6.5CVSS5.7AI score0.01685EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.7 views

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Improper Input Validation (CVE-2023-46218)

This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mix...

6.5CVSS6.2AI score0.01685EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.6 views

Brave Browser Desktop 安全漏洞

Brave Browser Desktop is a desktop browser from Brave USA. A security vulnerability exists in Brave Browser Desktop versions prior to 1.83.10, which stems from a failure to follow the SameSite cookie attribute for the Open Link in Split View context menu item when the Split View feature is enable...

6.5CVSS6.3AI score0.00298EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2023-23657

Malicious code in bioql PyPI...

5CVSS5.1AI score0.00432EPSS
Exploits1References2
Amazon
Amazon
added 2024/05/03 12:0 a.m.4 views

Medium: curl

Issue Overview: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this b...

6.5CVSS6.6AI score0.01685EPSS
Exploits1
OSV
OSV
added 2024/03/06 11:11 a.m.62 views

BIT-GITLAB-2023-1401 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization...

5CVSS4.4AI score0.00432EPSS
Exploits1References3
OSV
OSV
added 2023/12/07 1:15 a.m.7 views

AZL-32099 CVE-2023-46218 affecting package curl for versions less than 8.5.0-1

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5CVSS6.6AI score0.01685EPSS
Exploits1References1
OSV
OSV
added 2023/12/07 1:15 a.m.2 views

DEBIAN-CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5CVSS6.2AI score0.01685EPSS
Exploits1References1
OSV
OSV
added 2023/12/07 1:15 a.m.10 views

AZL-32119 CVE-2023-46218 affecting package cmake for versions less than 3.21.4-13

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5CVSS6.6AI score0.01685EPSS
Exploits1References1
OSV
OSV
added 2023/12/06 7:0 a.m.4 views

UBUNTU-CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5CVSS6.6AI score0.01685EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/07/26 6:1 a.m.27 views

CVE-2023-1401 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization...

5CVSS4.5AI score0.00432EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/07/26 6:1 a.m.48 views

CVE-2023-1401 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization...

5CVSS5.1AI score0.00432EPSS
Exploits1References2
OSV
OSV
added 2023/07/26 6:1 a.m.10 views

CVE-2023-1401 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization...

5CVSS5.2AI score0.00432EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/07/26 12:0 a.m.19 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab DAST scanner versions prior to 3.0.29...

5CVSS5AI score0.00432EPSS
Exploits1References3
OSV
OSV
added 2022/06/02 2:15 p.m.1 views

DEBIAN-CVE-2022-27779

libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check...

5.3CVSS6.7AI score0.02414EPSS
Exploits1References1
curl security advisories
curl security advisories
added 2022/05/11 8:0 a.m.9 views

cookie for trailing dot TLD

libcurl wrongly allows HTTP cookies to be set for Top Level Domains TLDs if the hostname is provided with a trailing dot. curl can be told to receive and send cookies when communicating using HTTPS. curl's "cookie engine" can be built with or without Public Suffix List awareness. If PSL support n...

5.3CVSS6.5AI score0.02414EPSS
Exploits1References1Affected Software2
CNNVD
CNNVD
added 2021/11/15 12:0 a.m.29 views

Rails 加密问题漏洞

Rails is a set of open source web application frameworks based on the Ruby language from the Rails team. A cryptographic issue vulnerability exists in Rails multisite, where an attacker may be able to reuse cookies on different sites in multiple Rails applications...

8.8CVSS7.8AI score0.00608EPSS
Exploits0References3
Rows per page
Query Builder