Lucene search
K

2013 matches found

NVD
NVD
added 6 days ago6 views

CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS0.00509EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 6 days ago4 views

CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS6AI score0.00509EPSS
Exploits1References3
OSV
OSV
added 2026/07/02 12:0 a.m.3 views

UBUNTU-CVE-2026-55688

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS5.8AI score0.00179EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:40 p.m.8 views

CVE-2026-55688

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS5.8AI score0.00179EPSS
Exploits0References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:7 a.m.7 views

thunderbolt: Validate XDomain request packet size before type cast

...

8.1CVSS5.8AI score0.00283EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 8:38 a.m.6 views

EUVD-2026-39238

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...

5.9AI score0.00283EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 8:38 a.m.3 views

EUVD-2026-39237

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tbxdomaincopy copies req-responsesize bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the val...

6AI score0.00242EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-8924

A flaw in curl's cookie parsing logic allows a malicious HTTP server to set "super cookies" that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl will subsequently scope and transmit to unrelated third-party domains...

9.1CVSS5.9AI score0.00509EPSS
Exploits1References4
NVD
NVD
added 2026/06/24 1:16 p.m.10 views

CVE-2026-56223

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS0.00244EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 11:53 a.m.30 views

CVE-2026-56223 Capgo - Account Takeover via Cross-Domain SSO Email Assertion in provision-user

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS0.00244EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56223

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.7 views

EUVD-2026-38737

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.7 views

CVE-2026-56223

Capgo

9.3CVSS6AI score0.00244EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 8:0 a.m.5 views

CURL-CVE-2026-8924 trailing dot domain super cookie

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set "super cookies" that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS5.9AI score0.00509EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51747

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A flaw in the cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that...

5.8AI score0.00509EPSS
Exploits1References20
Cvelist
Cvelist
added 2026/06/16 11:53 a.m.28 views

CVE-2026-53899 Cross-origin cookies could be leaked when opening a PDF link

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...

0.00096EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 4:16 p.m.10 views

CVE-2026-50088

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS0.00182EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 3:1 p.m.7 views

EUVD-2026-36478

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS5.3AI score0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 3:1 p.m.26 views

CVE-2026-50088 Aqara Developer Portal cross-origin resource sharing

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS0.00182EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 3:1 p.m.11 views

CVE-2026-50088 Aqara Developer Portal cross-origin resource sharing

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS5.2AI score0.00182EPSS
Exploits0References2
Rows per page
Query Builder