10 matches found

EUVD
added 5 days ago · 8 views

EUVD-2026-37758

undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching...

CVSS 3.7 · AI score 5.8 · EPSS 0.00248
Exploits: 0 · References: 3

Cvelist
added 2026/06/17 5:31 p.m. · 23 views

CVE-2026-11525 undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...

CVSS 3.7 · EPSS 0.00248
Exploits: 0 · References: 2

Positive Technologies
added 2024/03/21 12:0 a.m. · 10 views

PT-2024-22172 · WordPress · Dsgvo All In One For Wp

Name of the Vulnerable Software and Affected Versions: DSGVO All in one for WP versions n/a through 4.3 Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user without their knowledge or consent. Recommendations:...

CVSS 8.8 · AI score 9.4 · EPSS 0.00227
Exploits: 0 · References: 5

Positive Technologies
added 2024/02/28 12:0 a.m. · 5 views

PT-2024-20498 · Unknown · Page Restrict

Name of the Vulnerable Software and Affected Versions: Page Restrict versions 2.5.5 and earlier Description: A Cross-Site Request Forgery CSRF issue has been identified. This type of issue allows an attacker to trick a user into performing unintended actions on a web application that the user is...

CVSS 8.8 · AI score 9.4 · EPSS 0.00227
Exploits: 0 · References: 6

Positive Technologies
added 2024/01/04 12:0 a.m. · 6 views

PT-2024-13964 · Unknown · Online Notice Board System

Name of the Vulnerable Software and Affected Versions: Online Notice Board System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the dd parameter of the "registration.php" resource does not validate the characters received, and th...

CVSS 9.8 · AI score 10 · EPSS 0.00672
Exploits: 1 · References: 4

Positive Technologies
added 2024/01/04 12:0 a.m. · 6 views

PT-2024-13965 · Unknown · Online Notice Board System

Name of the Vulnerable Software and Affected Versions: Online Notice Board System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the e parameter of the "login.php" resource does not validate the characters received, and they are...

CVSS 9.8 · AI score 9.9 · EPSS 0.00672
Exploits: 1 · References: 4

Positive Technologies
added 2024/01/02 12:0 a.m. · 11 views

PT-2024-18984 · Rubygems · Omniauth-Microsoft Graph

Name of the Vulnerable Software and Affected Versions: omniauth-microsoft graph versions prior to 2.0.0 Description: The implementation did not validate the legitimacy of the email attribute of the user nor did it give or document an option to do so, making it susceptible to nOAuth misconfigurati...

CVSS 9.8 · AI score 9.4 · EPSS 0.00904
Exploits: 1 · References: 12

Positive Technologies
added 2022/09/16 12:0 a.m. · 4 views

PT-2022-23100 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue occurs when the DrawBoundingBoxes function receives an input boxes th...

CVSS 7.5 · AI score 7.3 · EPSS 0.00379
Exploits: 0 · References: 8

Snyk
added 2022/06/13 11:15 a.m. · 9 views

Improper Verification of Cryptographic Signature

Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid ...

CVSS 9.8 · AI score 7 · EPSS 0.00912
Exploits: 1 · References: 2

Positive Technologies
added 2021/05/14 12:0 a.m. · 5 views

PT-2021-18320 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: The implementation of tf.raw...

CVSS 7.1 · AI score 6.7 · EPSS 0.00198
Exploits: 1 · References: 13