34 matches found
CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
SPIP Input Validation Error Vulnerability
SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.15 had a vulnerability related to input validation errors, which stemmed from an open-redirecting vulnerability in the action/cookie.php file within ecrire...
Linux Distros Unpatched Vulnerability : CVE-2026-40934
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a...
curl: Cookie Replacement Use-After-Free Vulnerability
Summary: The cookie replacement logic in lib/cookie.c contains a use-after-free vulnerability in the replace_existing function. The function modifies a linked list while iterating over it, creating potential for memory corruption in concurrent or complex cookie operations. Vulnerable Code Location...
EUVD-2011-4260
Malware in sbrugna...
Advisory ROSA-SA-2024-2530
Software: python3-werkzeug 1.0.1 OS: rosa-server79 packageevrstring: python3-werkzeug-1.0.1-2.res7 CVE-ID: CVE-2023-25577 BDU-ID: 2023-02343 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the WSGI Werkzeug web application library is related to the application not properly controlling the...
The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Mod_auth_openidc, allows an attacker to cause a denial of service.
The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Mod_auth_openidc, is related to the installation of OIDCStripCookies and the provision of a created cookie file. After that, the NULL pointer is reassigned, resulting in a segmentation fault. Exploiting...
The vulnerability of the Skupper package, a software tool for managing and integrating microservices in cloud and hybrid environments of Red Hat Service Interconnect, allows a hacker to bypass the authentication process.
The vulnerability of the Skupper package, a software tool for managing and integrating microservices in cloud and hybrid environments of Red Hat Service Interconnect, is related to the use of default credentials. Exploiting this vulnerability could allow an attacker to bypass authentication...
ROS-20240328-05
Vulnerability of the icmpping function of the Zabbix universal monitoring system is related to errors in input data processing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. Vulnerability of the smart.disk.get edent of the Zabbix...
The vulnerability of the XWiki platform, a collaborative web application, lies in its insufficient validation of incoming requests. This allows attackers to gain unauthorized access to cookie files.
The vulnerability of the XWiki Platform lies in the insufficient verification of incoming requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to cookie files...
DEBIAN-CVE-2023-38546
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a functio...
USN-6237-1: curl vulnerabilities
Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. CVE-2023-28321 Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain...
The vulnerability of Mozilla Firefox and Focus for Android, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Mozilla Firefox and Focus for Android browsers is related to information representation errors in the user interface. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks using a specially created cookie file...
The vulnerability of the Flask framework lies in its ability to send a single client’s cookie session file to other users, allowing an attacker to access protected information.
The vulnerability of the Flask framework lies in the ability to send a session cookie file from one client to other users. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to protected information...
The vulnerability of Moxa TN-5916 series router firmware, related to the possibility of modifying the cookie file, allows attackers to escalate their privileges.
The vulnerability of Moxa TN-5916 router firmware is related to the possibility of modifying the cookie file. Exploiting this vulnerability can allow a remote attacker to escalate their privileges...
CVE-2022-41158
Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code...
The vulnerabilities of the firmware for the OPC UA Modicon Communication Module (BMENUA0100) and the X80 advanced RTU Communication Module (BMENOR2200H) allow attackers to cause service interruptions.
The vulnerability of the firmware for the OPC UA Modicon Communication Module BMENUA0100 and the X80 advanced RTU Communication Module BMENOR2200H is related to errors in cookie file processing. Exploiting this vulnerability can allow a remote attacker to cause service failures...
Internet Bug Bounty: CVE-2022-32207: Unpreserved file permissions
When curl saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally widen the permissions for the target file, leaving the update...
SUSE SLES12 Security Update : libzypp (SUSE-SU-2020:0079-2)
This update for libzypp fixes the following issues : Security issue fixed : CVE-2019-18900: Fixed assert cookie file that was world readable bsc1158763. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted...
Brave Android 1.16.68 Security Fixes
Fixed file-path for cookies as reported on HackerOne by kanytu. - Encrypted private wallet data preferences for Brave Rewards...