Source: OSV, added 2026/04/22 7:28 p.m.

PSF-2026-21

http.cookies.Morsel.js_output() returns an inline script snippet and only escapes " for the JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

CVSS 6.1 | AI score 5.7 | EPSS 0.00082
Exploits: 1 | References: 6
Source: Prion, added 2023/02/25 12:15 a.m.

SQL injection

Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects in user preferences the "Recently Visited Packages" view for the index page, the value of the searchhistory cookie is used as a...

CVSS 6.4 | AI score 9.1 | EPSS 0.00552
Exploits: 0 | References: 2 | Affected software: 1
Source: OSV, added 2020/09/11 5:15 p.m.

CVE-2020-1045

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update address...

CVSS 7.5 | AI score 7.6 | EPSS 0.20401
Exploits: 0 | References: 6
Source: BDU FSTEC, added 2019/07/11 12:00 a.m.

A vulnerability in the Cockpit server manager, caused by an operation that goes beyond buffer boundaries in memory, allows an attacker to trigger a service failure.

The vulnerability in the Cockpit server manager arises from an operation that occurs outside the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause a service failure by sending a specially crafted request along with a specially...

CVSS 7.8 | AI score 5.7 | EPSS 0.04307
Exploits: 0 | References: 6 | Affected software: 1
Source: Debian CVE, added 2019/03/26 12:00 a.m.

CVE-2019-3804

It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash...

CVSS 7.5 | AI score 7.4 | EPSS 0.04307
Exploits: 0
Source: Prion, added 2010/11/22 8:00 p.m.

Command injection

Cisco Unified Videoconferencing UVC System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface PRI Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces BRI Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit MCU improperly use cookies for...

CVSS 5.0 | AI score 6.8 | EPSS 0.0026
Exploits: 0 | References: 3 | Affected software: 7
Source: securityvulns, added 2005/02/18 12:00 a.m.

[ SCL-2005.001 ] - WebCalendar: SQL Injection from encoded cookie

=====BEGIN-SCL-REPORT=====
Scovetta Labs Security Advisory
Title: WebCalendar: SQL Injection from encoded cookie
Status: Public
Release Date: 2005-02-16
Package: WebCalendar
Vendor: k5n.us - http://www.k5n.us/webcalendar.php
Priority: High
Vulnerability: SQL Injection
Affected Versions:...

AI score 0.6
Exploits: 0