CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/11 12:58 p.m.•8 views

EUVD-2026-36243

Cvelist•added 2026/06/11 12:58 p.m.•25 views

CVE-2026-53661 boruta-server sent sensitive session cookies without the Secure attribute

8.8CVSS0.00259EPSS

Vulnrichment•added 2026/06/11 12:58 p.m.•8 views

CVE-2026-53661 boruta-server sent sensitive session cookies without the Secure attribute

CVE•added 2026/06/11 12:58 p.m.•14 views

CVE-2026-53661

CVE-2026-53661 affects Boruta (standalone OAuth2/OpenID Connect server). Prior to 0.9.1, session cookies (_boruta_web_key) and identity remember-me cookie (_boruta_identity_web_user_remember_me) were set without Secure; in plaintext HTTP this enables cookie capture and impersonation. Affected com...

Cvelist•added 2026/06/11 11:30 a.m.•25 views

CVE-2026-11956 TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

6.3CVSS0.00278EPSS

EUVD•added 2026/06/11 11:30 a.m.•7 views

EUVD-2026-36236

6.3CVSS4.9AI score0.00278EPSS

Vulnrichment•added 2026/06/11 11:30 a.m.•8 views

CVE-2026-11956 TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute

6.3CVSS5AI score0.00278EPSS

CVE•added 2026/06/11 11:30 a.m.•23 views

CVE-2026-11956

CVE-2026-11956 affects TwiN gatus 5.36.0, specifically the OIDC Session Cookie Handler (setSessionCookie). The issue is a missing Secure attribute on the session cookie, enabling potential exposure of sensitive cookie data via remote manipulation. The description indicates high attack complexity ...

6.3CVSS4.9AI score0.00278EPSS

RedhatCVE•added 2026/06/11 2:59 a.m.•7 views

CVE-2026-45329

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

7.1CVSS5.4AI score0.00117EPSS

RedhatCVE•added 2026/06/11 2:59 a.m.•7 views

CVE-2026-45328

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...

9.3CVSS5.3AI score0.00126EPSS

OSV•added 2026/06/11 12:51 a.m.•7 views

CLEANSTART-2026-WA48911 authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users

Multiple security vulnerabilities affect the percona-server-mongodb-operator package. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. See...

9.8CVSS5.5AI score0.01027EPSS

Exploits2References61

Positive Technologies•added 2026/06/11 12:0 a.m.•7 views

PT-2026-48665

CNNVD•added 2026/06/11 12:0 a.m.•13 views

Exploits0References4

VMware Spring Integration 路径遍历漏洞

VMware Spring Integration is an enterprise application integration framework developed by VMware, Inc. Versions 7.0.0 to 7.0.4, 6.5.0 to 6.5.8, 6.4.0 to 6.4.11, 6.3.0 to 6.3.14, and 5.5.0 to 5.5.20 of VMware Spring Integration have a path traversal vulnerability. This vulnerability arises due to...

7.1CVSS5.5AI score0.00177EPSS

Tenable Nessus•added 2026/06/11 12:0 a.m.•5 views

FreeBSD : Erlang/OTP -- SFTP READLINK discloses server filesystem paths (d87e41a4-64d4-11f1-ab11-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87e41a4-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh reports: The SSH SFTP daemon's...

6.5CVSS5.3AI score0.00276EPSS

CNNVD•added 2026/06/11 12:0 a.m.•7 views

gatus 安全漏洞

Gatus is a service health monitoring and alerting tool developed by TwiN’s individual developers. Version 5.36.0 of Gatus contains a security vulnerability. This vulnerability stems from the setSessionCookie function in the OIDC session cookie handler. Performing certain operations may result in...

6.3CVSS4.9AI score0.00278EPSS

OSV•added 2026/06/10 10:16 p.m.•2 views

DEBIAN-CVE-2026-46625

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

7.5CVSS5.2AI score0.00362EPSS

Cvelist•added 2026/06/10 9:18 p.m.•29 views

CVE-2026-46625 JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

7.5CVSS0.00362EPSS

RedhatCVE•added 2026/06/10 9:2 p.m.•8 views

CVE-2026-48570

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

7.9CVSS5.4AI score0.00244EPSS