Lucene search
K

76 matches found

RedhatCVE
RedhatCVE
added 5 days ago4 views

CVE-2026-8924

A flaw was found in curl's cookie parsing logic. A malicious HTTP server can exploit this by setting 'super cookies' that bypass the Public Suffix List check. This allows an attacker-controlled origin to inject cookies that curl then transmits to unrelated third-party domains, leading to...

9.1CVSS5.9AI score0.00649EPSS
Exploits1References6
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS6AI score0.00649EPSS
Exploits1References1
EUVD
EUVD
added 2026/07/03 6:15 a.m.7 views

EUVD-2026-41505

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

6AI score0.00649EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:15 a.m.4 views

CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS6AI score0.00649EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/03 6:15 a.m.60 views

CVE-2026-8924 trailing dot domain super cookie

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

0.00649EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

Curl 7.46.0 < 8.21.0 Trailing Dot Domain Super Cookie

The version of curl installed on the remote host is 7.46.0 prior to 8.21.0. It is, therefore, affected by a cookie injection vulnerability: - A flaw in curl's cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. CVE-2026-8924 Note that...

9.1CVSS6AI score0.00649EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-8924

A flaw in curl's cookie parsing logic allows a malicious HTTP server to set "super cookies" that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl will subsequently scope and transmit to unrelated third-party domains...

9.1CVSS5.9AI score0.00649EPSS
Exploits1References4
OSV
OSV
added 2026/06/24 8:0 a.m.5 views

CURL-CVE-2026-8924 trailing dot domain super cookie

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set "super cookies" that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS5.9AI score0.00649EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.6 views

trailing dot domain super cookie

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set "super cookies" that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS5.9AI score0.00649EPSS
Exploits1References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.19 views

PT-2026-51747

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A flaw in the cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that...

9.1CVSS5.8AI score0.00649EPSS
Exploits1References29
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in curl

This flaw allows a malicious HTTP server to set “super cookies” using curl, which are then transmitted back to multiple origins beyond what is allowed or possible. This enables a site to set cookies that are then sent to different and unrelated sites and domains. The attack exploits a flaw in...

6.5CVSS6.6AI score0.01685EPSS
Exploits1References2
OSV
OSV
added 2026/05/04 1:12 p.m.7 views

JLSEC-2026-411 This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back...

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5CVSS7.2AI score0.01685EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.5 views

NewStart CGSL MAIN 6.06 (SP) : curl Vulnerability (NS-SA-2026-0032)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has curl packages installed that are affected by a vulnerability: - This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows ...

6.5CVSS5.7AI score0.01685EPSS
Exploits1References3
Broadcom
Broadcom
added 2026/01/27 12:0 a.m.17 views

This flaw allows a malicious HTTP server to set "super cookies" in curl

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5CVSS7.2AI score0.01685EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.6 views

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2022-27779)

libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's cookie engine can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check...

5.3CVSS6.6AI score0.02414EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.7 views

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Improper Input Validation (CVE-2023-46218)

This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mix...

6.5CVSS6.2AI score0.01685EPSS
Exploits1References7
BDU FSTEC
BDU FSTEC
added 2025/04/28 12:0 a.m.19 views

The vulnerability of the PSL validation mechanism in the Apache HttpClient client module of Apache HttpComponents allows a attacker to perform a CSRF attack.

The vulnerability of the PSL validation mechanism in the Apache HttpClient client module of Apache HttpComponents is related to errors in the certificate authentication process. Exploiting this vulnerability can allow a malicious actor to execute a CSRF attack remotely...

7.8CVSS7AI score0.00745EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/04/24 12:46 p.m.5 views

Improper Certificate Validation

Overview org.apache.httpcomponents.client5:httpclient5 is a HttpClient component of the Apache HttpComponents project. Affected versions of this package are vulnerable to Improper Certificate Validation due to a bug in the validation logic of the Public Suffix List, which allows attackers to...

8.8CVSS6.7AI score0.00745EPSS
Exploits0References2
OSV
OSV
added 2025/04/24 12:31 p.m.3 views

GHSA-73M2-QFQ3-56CX Apache HttpClient disables domain checks

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...

7.5CVSS6.8AI score0.00745EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/04/24 11:44 a.m.9 views

CVE-2025-27820 Apache HttpComponents: PSL (Public Suffix List) validation bypass

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...

6.9AI score0.00745EPSS
Exploits0References4
Rows per page
Query Builder