Lucene search
+L

127 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.11 views

Erlang/OTP 20.0 < 27.3.4.14 / 28.0 < 28.5.0.3 / 29.0 < 29.0.3 DTLS Cookie Bypass (CVE-2026-54887)

The version of Erlang/OTP installed on the remote host is 20.0 prior to 27.3.4.14, 28.0 prior to 28.5.0.3, or 29.0 prior to 29.0.3. It is, therefore, affected by a vulnerability: - Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie...

6.3CVSS6.1AI score0.00243EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 4:6 p.m.16 views

CVE-2026-54887

CVE-2026-54887 concerns Erlang/OTP's DTLS server in ssl, where during startup the cookie secret is initialized to an empty binary instead of a random value. This makes DTLS cookie computation deterministic for the first 0–15 seconds, allowing an observer of plaintext ClientHello to forge a valid ...

6.3CVSS5.8AI score0.00243EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/07/02 4:6 p.m.4 views

CVE-2026-54887 DTLS server cookie bypass during startup window due to empty initial cookie secret

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS6AI score0.00243EPSS
Exploits0References9
OSV
OSV
added 2026/07/02 4:6 p.m.4 views

EEF-CVE-2026-54887 DTLS server cookie bypass during startup window due to empty initial cookie secret

Summary Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtls\server\connection:initial\hello/3 initializes previous\cookie\secret...

6.3CVSS5.8AI score0.00243EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.10 views

EulerOS 2.0 SP15 : python3 (EulerOS-SA-2026-2507)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickli...

7.5CVSS6.7AI score0.00621EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/17 5:58 p.m.12 views

CVE-2026-53871 Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie

Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the getprofilecookie function that accepts unauthenticated profile names from the hermesprofile cookie. An authenticated attacker can forge the hermesprofile cookie value to bypass profile-scoped authorization checks a...

8.6CVSS5.3AI score0.00365EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.32 views

PT-2026-46263

Name of the Vulnerable Software and Affected Versions Neterbit NW-431F Router versions prior to 20241014-IR03 Description Improper Authentication allows for an authentication bypass due to the use of weak and predictable cookie values. An attacker can gain unauthorized access to administrative...

9.8CVSS5.5AI score0.00454EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/01 3:37 p.m.108 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940: cPanel/WHM Authentication Bypass Analysis...

9.8CVSS5.8AI score0.981EPSS
Exploits64
CVE
CVE
added 2026/04/08 9:20 p.m.27 views

CVE-2026-5901

CVE-2026-5901 concerns insufficient policy enforcement in Chrome/Chromium DevTools, enabling a user-assisted attacker who installs a malicious extension to bypass enterprise host restrictions for cookie modification. The issue affects Chrome/Chromium builds prior to version 147.0.7727.55, with ad...

6.5CVSS5.9AI score0.00139EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/04/08 3:16 p.m.7 views

CVE-2026-39410

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to th...

4.8CVSS0.00284EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/08 2:44 p.m.22 views

CVE-2026-39410 Hono has a non-breaking space prefix bypass in cookie name handling in getCookie()

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to th...

4.8CVSS0.00284EPSS
Exploits0References3
CVE
CVE
added 2026/04/08 2:44 p.m.22 views

CVE-2026-39410

Hono CVE-2026-39410 involves a cookie handling flaw in getCookie() where a mismatch between browser cookie parsing and JavaScript parse() trim() causes cookies with a non-breaking-space prefix (U+00A0) to shadow or override legitimate cookies. This can bypass __Secure- and __Host- prefix protecti...

4.8CVSS5.9AI score0.00284EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.7 views

PT-2026-7893

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.10.4 authentik versions prior to 2025.12.4 Description authentik is an open-source identity provider. A malformed cookie could bypass authentication when using forward authentication with the authentik Proxy...

8.6CVSS5.4AI score0.00611EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : php:8.1 (AXSA:2024-9437:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9437:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk...

7.5CVSS7.8AI score0.49336EPSS
Exploits7References7
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 8 : php:8.2 (AXSA:2024-9505:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9505:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk...

7.5CVSS7.8AI score0.49336EPSS
Exploits7References7
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : firefox-91.9.0-1.el9.ML.1 (AXSA:2022-3990:29)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3990:29 advisory. Mozilla: Bypassing permission prompt in nested browsing contexts CVE-2022-29909 Mozilla: iframe Sandbox bypass CVE-2022-29911 Mozilla: Fullscreen...

9.8CVSS5.7AI score0.01005EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : php:8.2 (AXSA:2024-9503:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9503:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk...

7.5CVSS7.8AI score0.49336EPSS
Exploits7References7
RedHat Linux
RedHat Linux
added 2025/11/18 5:54 a.m.4 views

libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior,...

3.7CVSS5.9AI score0.00538EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.8 views

WordPress plugin WP Private Content Plus 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS6.6AI score0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-3108

Malware in sbrugna...

5CVSS6.4AI score0.01299EPSS
Exploits0References5
Rows per page
Query Builder