
9 matches found

CVE
added 3 days ago · 12 views

CVE-2026-43972

CVE-2026-43972 (gun_http2) : In gun_http2:push_promise_frame/7, the incoming PUSH_PROMISE :authority header is stored without validating it against the connection origin. Later, gun_http2:headers_frame/9 uses this unvalidated value when calling gun_cookies:set_cookie_header/7, before status handl...

CVSS 6.3 · AI score 5.7 · EPSS 0.00018
Exploits: 0 · References: 3
Vulnrichment
added 2025/12/15 2:44 p.m. · 3 views

CVE-2025-34412

...

AI score 6.5 · EPSS 0.00075
Exploits: 0
EUVD
added 2025/12/15 2:44 p.m. · 2 views

EUVD-2025-203381

The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...

CVSS 6.9 · AI score 6.2 · EPSS 0.00075
Exploits: 0 · References: 7
NVD
added 2025/10/27 8:15 p.m. · 2 views

CVE-2025-59151

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed (CRLF) injection. When a request is made to a file ending with the .lp extension, t...

CVSS 8.2 · EPSS 0.00108
Exploits: 1 · References: 1
RedHat Linux
added 2025/05/26 7:1 a.m. · 3 views

libsoup: Cookie domain validation bypass via uppercase characters in libsoup

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

CVSS 4.3 · AI score 5.7 · EPSS 0.00262
Exploits: 0 · References: 4
OSV
added 2025/04/29 1:15 p.m. · 6 views

CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

CVSS 4.3 · AI score 6.6 · EPSS 0.00262
Exploits: 0 · References: 3
Positive Technologies
added 2025/04/29 12:0 a.m. · 1 views

PT-2025-18149 · Libsoup +1

Name of the Vulnerable Software and Affected Versions: libsoup affected versions not specified
Description: A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes ...

CVSS 7.5 · AI score 6 · EPSS 0.00986
Exploits: 0 · References: 29
Positive Technologies
added 2023/02/01 12:0 a.m. · 5 views

PT-2023-1575 · Symfony +4

Name of the Vulnerable Software and Affected Versions: Symfony versions prior to 4.4
Description: The issue is related to incorrect session management in Symfony, a PHP framework for web and console applications. When authenticating users, Symfony by default regenerates the session ID upon login...

CVSS 8.8 · AI score 6.6 · EPSS 0.86622
Exploits: 2 · References: 58
OSV
added 2017/09/01 1:29 p.m. · 0 views

DEBIAN-CVE-2017-12868

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation...

CVSS 9.8 · AI score 9.8 · EPSS 0.00764
Exploits: 0 · References: 1