Lucene search
K

523 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.11 views

Amazon Linux 2023 : python3-tornado (ALAS2023-2026-1587)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1587 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters. CVE-2026-35536...

7.2CVSS5.8AI score0.00237EPSS
Exploits0References4
Hacker One
Hacker One
added 2026/04/14 5:45 a.m.36 views

curl: CVE-2026-6276: stale custom cookie host causes cookie leak

Summary: libcurl keeps a stale data-state.aptr.cookiehost after a request that uses a custom Host: header. On later requests on the same easy handle, when no custom Host: is used, libcurl still reuses that stale value for outgoing cookie selection lib/http.c:2560-2563 and incoming Set-Cookie...

7.5CVSS5.5AI score0.00291EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.5 views

SUSE CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS5.8AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2026/04/03 6:31 a.m.6 views

GHSA-FQWM-6JPJ-5WXC Tornado has cookie attribute injection via .RequestHandler.set_cookie

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS5.9AI score0.00237EPSS
Exploits0References4
NVD
NVD
added 2026/04/03 4:16 a.m.7 views

CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS0.00237EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/03 2:25 a.m.22 views

CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS0.00237EPSS
Exploits0References2
CVE
CVE
added 2026/04/03 2:25 a.m.33 views

CVE-2026-35536

Tornado

7.2CVSS5.9AI score0.00237EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2026/04/01 8:24 a.m.36 views

curl: Cookie attribute TAB injection regression in Set-Cookie parsing

Overview | | | |---|---| | Component | lib/cookie.c — parsecookieheader | | Type | Security regression incomplete input validation | | CWE | CWE-20 Improper Input Validation | | Severity | LOW CVSS 3.1 estimated 3.7, comparable to CVE-2022-35252 | | Affected | curl 8.18.0 through current HEAD | |...

3.7CVSS6AI score0.01839EPSS
Exploits1
Snyk
Snyk
added 2026/03/16 4:22 p.m.2 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the setcookiegeneratecallback function. An attacker can cause a buffer overflow by providing a callback that returns a cookie value greater than 256 bytes. Note: This is only exploitable if the application explicitly...

9.8CVSS6.1AI score0.00704EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25840

Name of the Vulnerable Software and Affected Versions pyOpenSSL versions 22.0.0 through 25.3.0 Description pyOpenSSL is a Python wrapper around the OpenSSL library. If a user-provided callback to the set cookie generate callback function returned a cookie value exceeding 256 bytes, pyOpenSSL woul...

9.8CVSS6AI score0.00704EPSS
Exploits0References241
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.7 views

CVE-2026-29086

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie...

5.4CVSS5.8AI score0.00216EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 10:9 p.m.4 views

CVE-2026-29086

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie...

5.4CVSS5.8AI score0.00216EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/04 7:49 p.m.3 views

GHSA-5PQ2-9X2X-5P6W Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie()

Summary The setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if...

5.4CVSS5.7AI score0.00216EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.6 views

PT-2026-23077

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.4 Description The setCookie utility did not properly validate semicolons ;, carriage returns r, or newline characters in the domain and path options when creating the Set-Cookie header. Because cookie attributes are...

5.4CVSS6AI score0.00216EPSS
Exploits0References177
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.11 views

Hono 安全漏洞

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.4 contained security vulnerabilities. These vulnerabilities stemmed from the setCookie tool, which did not validate the semicolons, line breaks, or newlines in the domain and path parameters when...

5.4CVSS5.8AI score0.00216EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/20 6:58 p.m.4 views

Insufficient Session Expiration

Overview @hotwired/turbo is a The speed of a single-page web application without having to write any JavaScript Affected versions of this package are vulnerable to Insufficient Session Expiration due to a race condition. An attacker can cause stale session cookies to be restored by delaying HTTP...

6.3CVSS5.5AI score0.00242EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : thunderbird-115.8.0-1.el8_9.ML.1 (AXSA:2024-7565:07)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7565:07 advisory. Mozilla: Out-of-bounds memory read in networking channels CVE-2024-1546 Mozilla: Alert dialog could have been spoofed on another site CVE-2024-1547...

8.1CVSS8.5AI score0.00937EPSS
Exploits1References9
Hacker One
Hacker One
added 2026/01/19 6:46 p.m.27 views

curl: Cross‑origin cookies leak and injection risk when using a custom Host header

Summary When a custom hostname is specified, it is used for cookie matching if the cookie engine is also enabled for this transfer. This matching persists in cross-origin redirects despite that the originally supplied hostname is removed. cookiehost is set from a custom Host header: lib/http.c...

5.7AI score
Exploits0
Hacker One
Hacker One
added 2026/01/19 10:12 a.m.14 views

curl: Cookie Max-Age Integer Overflow Vulnerability

Summary: The cookie parsing code in lib/cookie.c contains an integer overflow vulnerability when processing the Max-Age attribute of HTTP cookies. The vulnerable code attempts to add the max-age value to the current timestamp without adequate overflow protection While the code includes an overflo...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:27 a.m.13 views

CVE-2008-7295

Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS6.8AI score0.05105EPSS
Exploits0References1
Rows per page
Query Builder