CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

55 matches found

CVE-2026-54287

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS0.00186EPSS

Exploits0References1

Tenable Nessus•added 2026/06/12 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js- cookie's internal assign helper copies properties with...

7.5CVSS5.3AI score0.00363EPSS

Exploits0References3

NVD•added 2026/06/10 10:16 p.m.•7 views

CVE-2026-46625

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

7.5CVSS0.00363EPSS

Exploits0References3

OSV•added 2026/06/10 10:16 p.m.•2 views

DEBIAN-CVE-2026-46625

7.5CVSS5.2AI score0.00363EPSS

Exploits0References1

OSV•added 2026/06/10 10:16 p.m.•3 views

UBUNTU-CVE-2026-46625

7.5CVSS5.2AI score0.00363EPSS

Exploits0References5

Debian CVE•added 2026/06/10 9:18 p.m.•6 views

CVE-2026-46625

7.5CVSS5.2AI score0.00363EPSS

Exploits0

CVE•added 2026/06/10 9:18 p.m.•70 views

CVE-2026-46625

CVE-2026-46625 concerns the JavaScript Cookie library (js-cookie) prior to 3.0.7. A per-instance prototype hijack occurs in the internal assign() when merging properties from a source object produced by JSON.parse that may include an own enumerable proto key. This polluted prototype leads to atta...

7.5CVSS5.4AI score0.00363EPSS

Exploits0References3

EUVD•added 2026/06/10 9:18 p.m.•7 views

EUVD-2026-36154

7.5CVSS5.4AI score0.00363EPSS

Exploits0References3

RedhatCVE•added 2026/06/05 7:51 p.m.•8 views

CVE-2025-52608

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root...

4.3CVSS5.5AI score0.00098EPSS

Exploits0References1

Cvelist•added 2026/06/04 11:49 a.m.•37 views

CVE-2025-52608 HCL iControl was affected by Missing Cookie Attributes vulnerability.

3.1CVSS0.00098EPSS

Exploits0References1

ATTACKERKB•added 2026/06/04 11:49 a.m.•6 views

CVE-2025-52608

3.1CVSS5.8AI score0.00098EPSS

Exploits0References2Affected Software1

EUVD•added 2026/06/04 11:49 a.m.•6 views

EUVD-2025-210061

4.3CVSS5.8AI score0.00098EPSS

Exploits0References1

CVE•added 2026/06/04 11:49 a.m.•13 views

CVE-2025-52608

The CVE-2025-52608 entry concerns HCL iControl with Missing Cookie Attributes: cookies lack Secure and SameSite flags and have root path. Affected component is the web application’s session cookies; root path configuration and missing security attributes are cited as the underlying issue. The pro...

4.3CVSS5.8AI score0.00098EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/06/04 11:49 a.m.•6 views

CVE-2025-52608 HCL iControl was affected by Missing Cookie Attributes vulnerability.

3.1CVSS5.8AI score0.00098EPSS

Exploits0References1

Positive Technologies•added 2026/06/04 12:0 a.m.•10 views

PT-2026-46184

3.1CVSS5.8AI score0.00098EPSS

Exploits0References2

Github Security Blog•added 2026/05/21 9:20 p.m.•16 views

JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

Summary js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property, so the for…in enumerates it and the targetkey = sourcekey write triggers the...

7.5CVSS5.8AI score0.00363EPSS

Exploits0References5Affected Software1

OSV•added 2026/05/21 9:20 p.m.•5 views

GHSA-QJX8-664M-686J JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

7.5CVSS5.8AI score0.00363EPSS

Exploits0References5

Positive Technologies•added 2026/05/21 12:0 a.m.•9 views

PT-2026-42640

Summary js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's " proto " member is an own enumerable property, so the for…in enumerates it and the targetkey = sourcekey write triggers the...

7.5CVSS5.8AI score

Exploits0References3

Positive Technologies•added 2026/05/21 12:0 a.m.•12 views

PT-2026-42689

Name of the Vulnerable Software and Affected Versions js-cookie versions prior to 3.0.7 Description The internal assign function copies properties using a for...in loop and plain assignment. When a source object is created via JSON.parse, the proto member is treated as an own enumerable property...

7.5CVSS5.5AI score0.00363EPSS

Exploits0References9

Tenable Nessus•added 2026/05/14 12:0 a.m.•13 views

Amazon Linux 2 : python3-tornado, --advisory ALAS2-2026-3287 (ALAS-2026-3287)

The version of python3-tornado installed on the remote host is prior to 5.0.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3287 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to...

7.2CVSS5.8AI score0.00237EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by