Lucene search
K

5 matches found

Veracode
Veracode
added 2026/06/09 5:1 a.m.13 views

DNS Cache Poisoning

Netty is vulnerable to DNS Cache Poisoning. The vulnerability is due to insufficient validation of the bailiwick of NS records in DnsResolveContext, which allows an attacker controlling an authoritative subdomain name server to poison DNS cache entries for parent domains...

10CVSS5.5AI score0.00292EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2025/03/12 10:6 p.m.10 views

GHSA-HG9J-64WP-M9PX Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite

Summary A session hijacking vulnerability exists when an attacker-controlled authoritative subdomain under a parent domain e.g., subdomain.host.com sets cookies scoped to the parent domain .host.com. This allows session token replacement for applications hosted on sibling subdomains e.g.,...

6.8CVSS6.6AI score0.00463EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/03/12 10:6 p.m.20 views

Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite

Summary A session hijacking vulnerability exists when an attacker-controlled authoritative subdomain under a parent domain e.g., subdomain.host.com sets cookies scoped to the parent domain .host.com. This allows session token replacement for applications hosted on sibling subdomains e.g.,...

6.8CVSS6.8AI score0.00463EPSS
Exploits0References5Affected Software2
Vulnrichment
Vulnrichment
added 2025/03/12 2:0 p.m.7 views

CVE-2025-27794 Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite

Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain e.g., subdomain.host.com sets cookies scoped to the parent domain .host.com. This allows session token replacement f...

6.8CVSS7AI score0.00463EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/12 2:0 p.m.40 views

CVE-2025-27794 Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite

Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain e.g., subdomain.host.com sets cookies scoped to the parent domain .host.com. This allows session token replacement f...

6.8CVSS0.00463EPSS
Exploits0References3
Rows per page
Query Builder