
10 matches found

NVD
added 2026/06/22 2:17 p.m. · 12 views

CVE-2026-56425

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

CVSS 9.3 · EPSS 0.00258
Exploits 0 · References 1
CVE
added 2026/06/08 2:12 p.m. · 36 views

CVE-2026-43972

CVE-2026-43972 (gun_http2) : In gun_http2:push_promise_frame/7, the incoming PUSH_PROMISE :authority header is stored without validating it against the connection origin. Later, gun_http2:headers_frame/9 uses this unvalidated value when calling gun_cookies:set_cookie_header/7, before status handl...

CVSS 6.3 · AI score 5.7 · EPSS 0.00215
Exploits 0 · References 3
EUVD
added 2025/12/15 2:44 p.m. · 4 views

EUVD-2025-203381

The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...

CVSS 6.9 · AI score 6.2 · EPSS 0.00075
Exploits 0 · References 7
Vulnrichment
added 2025/12/15 2:44 p.m. · 10 views

CVE-2025-34412

...

AI score 6.5 · EPSS 0.00075
Exploits 0
NVD
added 2025/10/27 8:15 p.m. · 5 views

CVE-2025-59151

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed CRLF injection. When a request is made to a file ending with the .lp extension, t...

CVSS 8.2 · EPSS 0.00398
Exploits 1 · References 1
RedHat Linux
added 2025/05/26 7:01 a.m. · 32 views

libsoup: Cookie domain validation bypass via uppercase characters in libsoup

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

CVSS 4.3 · AI score 5.7 · EPSS 0.00348
Exploits 0 · References 5
OSV
added 2025/04/29 1:15 p.m. · 7 views

CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

CVSS 4.3 · AI score 6.6 · EPSS 0.00348
Exploits 0 · References 3
Positive Technologies
added 2025/04/28 12:00 a.m. · 2 views

PT-2025-18149

Name of the Vulnerable Software and Affected Versions: libsoup, affected versions not specified. Description: A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an...

CVSS 5 · AI score 6.5 · EPSS 0.00348
Exploits 0 · References 31
Positive Technologies
added 2023/02/01 12:00 a.m. · 6 views

PT-2023-1575 · Symfony +4

Name of the Vulnerable Software and Affected Versions: Symfony versions prior to 4.4 Description: The issue is related to incorrect session management in Symfony, a PHP framework for web and console applications. When authenticating users, Symfony by default regenerates the session ID upon login...

CVSS 8.8 · AI score 6.6 · EPSS 0.63422
Exploits 1 · References 58
OSV
added 2017/09/01 1:29 p.m. · 1 view

DEBIAN-CVE-2017-12868

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation...

CVSS 9.8 · AI score 9.8 · EPSS 0.02133
Exploits 0 · References 1