
42 matches found

Positive Technologies
added 2026/06/24 12:0 a.m., 7 views

PT-2026-51747

Name of the Vulnerable Software and Affected Versions: curl (affected versions not specified). Description: A flaw in the cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that...

5.8 AI score, 0.00219 EPSS
Exploits: 0, References: 20

Cvelist
added 2026/06/16 11:53 a.m., 26 views

CVE-2026-53899 Cross-origin cookies could be leaked when opening a PDF link

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...

0.00096 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/04/01 12:0 a.m., 8 views

IBM DataPower Gateway Security Vulnerability

IBM DataPower Gateway is a suite of International Business Machines (IBM) security and integration platforms designed specifically for mobile, cloud, application programming interfaces (APIs), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and...

6.8 CVSS, 5.8 AI score, 0.00252 EPSS
Exploits: 0, References: 1

NVD
added 2025/12/09 7:15 p.m., 6 views

CVE-2025-9614

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to...

6.5 CVSS, 0.00118 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2019-6580

Malware in sbrugna...

5.3 CVSS, 5.2 AI score, 0.01924 EPSS
Exploits: 1, References: 6

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2011-2145

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.02014 EPSS
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2011-4677

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.0116 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2020-26130

Malware in sbrugna...

6.5 CVSS, 4.9 AI score, 0.00787 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-10689

Malware in sbrugna...

7.5 CVSS, 8.8 AI score, 0.09931 EPSS
Exploits: 1, References: 19

Packet Storm News
added 2025/07/08 12:0 a.m., 3 views

Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks

CPUs provide isolation mechanisms like virtualization and privilege levels to protect software. Yet these focus on architectural isolation while typically overlooking microarchitectural side channels, exemplified by Meltdown and Foreshadow. Software must therefore supplement architectural defense...

7.1 AI score
Exploits: 0

CVE
added 2025/04/14 11:15 p.m., 71 views

CVE-2025-31491

CVE-2025-31491 affects AutoGPT prior to version 0.6.1. A custom requests wrapper does not follow redirects safely: the initial request is not redirected, but the wrapper re-issues the request to the new location. Crucially, this re-request path does not account for security-sensitive headers and ...

8.6 CVSS, 8.4 AI score, 0.00388 EPSS
Exploits: 1, References: 1, Affected Software: 1

Snyk
added 2025/01/01 6:47 a.m., 3 views

Reliance on Cookies without Validation and Integrity Checking

Overview: yt-dlp is a youtube-dl fork with additional features and patches. Affected versions of this package are vulnerable to Reliance on Cookies without Validation and Integrity Checking due to improper cookie validation through YoutubeDL.py. This vulnerability allows unscoped cookies to be...

6.9 CVSS, 6.9 AI score
Exploits: 0, References: 3

OSV
added 2024/10/31 9:9 a.m., 3 views

USN-7086-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-10458 CVE-2024-10459,...

9.8 CVSS, 7.1 AI score, 0.00809 EPSS
Exploits: 0, References: 12

OSV
added 2024/02/22 3:11 a.m., 4 views

USN-6649-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-1547, CVE-2024-1548,...

9.8 CVSS, 7.2 AI score, 0.00937 EPSS
Exploits: 2, References: 13

Hacker One
added 2023/11/08 2:3 a.m., 28 views

X (Formerly Twitter): Cross-Domain Leakage of X Username / UserID due to Dynamically Generated JS File

The vulnerability allowed the retrieval of a user's X username and user ID from a dynamically generated JavaScript file hosted on Twitter. An attacker could force a victim to import the file from a malicious website, bypassing the Same-Origin Policy and exposing the user's sensitive information...

6.8 AI score
Exploits: 0

SUSE CVE
added 2023/02/15 4:54 a.m., 3 views

SUSE CVE-2016-9900

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

7.5 CVSS, 6.4 AI score, 0.09931 EPSS
Exploits: 1, References: 23

SUSE CVE
added 2023/02/15 3:40 a.m., 3 views

SUSE CVE-2021-32690

Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of Helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. Thi...

8.6 CVSS, 8.2 AI score, 0.01395 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2022/05/25 12:0 a.m., 3 views

CVE-2022-29248 Cross-domain cookie leakage in Guzzle

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

8 CVSS, 8.1 AI score, 0.01239 EPSS
Exploits: 0, References: 5

OSV
added 2022/04/05 1:15 p.m., 4 views

ALPINE-CVE-2022-26357

Race in VT-d domain ID cleanup. Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the...

7 CVSS, 6.3 AI score, 0.00248 EPSS
Exploits: 0, References: 1

Hacker One
added 2021/01/25 7:11 p.m., 118 views

Sixt GmbH & Co. Autovermietung KG BBP: Cross domain token leakage via Referer header

Summary: The password reset link of user account on critical sixt+ domain/product can be obtained using the page https://www.sixt.com/php/profile/loginorpasswordforgotten. This page requires email address and surname/lastname of the user to send password reset link on email. This link contains th...

7 AI score
Exploits: 0