CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

604 matches found

EUVD•added yesterday•7 views

EUVD-2026-32925

Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection...

5.3CVSS5.8AI score0.00125EPSS

Exploits0References4

OSV•added yesterday•3 views

GHSA-3HRH-PFW6-9M5X Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Summary The serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, \r, \n, but does not apply the same validation to sameSite and priority. An application that passes user-controlled input into either option may produce a...

4.3CVSS5.8AI score0.00125EPSS

Exploits0References5

SUSE CVE•added yesterday•3 views

SUSE CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References3

Positive Technologies•added yesterday•5 views

PT-2026-46844

Summary The serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, r, , but does not apply the same validation to sameSite and priority. An application that passes user-controlled input into either option may produce a...

5.3CVSS5.8AI score0.00125EPSS

Exploits0References6

OSV•added 2 days ago•3 views

GHSA-HG6J-4RV6-33PG AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

Summary Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. Impact If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Workaround If unable to...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References4

EUVD•added 2 days ago•7 views

EUVD-2026-34007

AIOHTTP is vulnerable to cross-origin redirect with per-request cookies...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References3

OSV•added 3 days ago•5 views

DEBIAN-CVE-2026-47265

8.7CVSS5.8AI score0.00019EPSS

Exploits0References1

NVD•added 3 days ago•7 views

CVE-2026-47265

8.7CVSS0.00019EPSS

Exploits0References2

ATTACKERKB•added 3 days ago•5 views

CVE-2026-47265

8.7CVSS5.8AI score0.00019EPSS

Exploits0References3Affected Software1

Vulnrichment•added 3 days ago•5 views

CVE-2026-47265 AIOHTTP vulnerable to cross-origin redirect with per-request cookies

8.7CVSS5.8AI score0.00019EPSS

Exploits0References2

OSV•added 3 days ago•3 views

OPENSUSE-SU-2026:20885-1 Security update for python-Flask

This update for python-Flask fixes the following issue: - CVE-2026-27205: information disclosure due to Flask session not adding the Vary: Cookie header bsc1258700...

4.3CVSS5.8AI score0.00014EPSS

Exploits0References2

Positive Technologies•added 3 days ago•8 views

PT-2026-45836

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.0 Description Cookies set using the cookies parameter on requests are sent after following a cross-origin redirect. This behavior can lead to the leakage of sensitive data to an attacker if they can control the...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References7

Cvelist•added 2026/05/28 3:28 p.m.•22 views

CVE-2026-47675 Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, \r, \n, but does not apply the same validation to sameSite an...

4.3CVSS0.00125EPSS

Exploits0References1

ATTACKERKB•added 2026/05/28 3:28 p.m.•5 views

CVE-2026-47675

4.3CVSS5.8AI score0.00125EPSS

Exploits0References2Affected Software1

Nuclei•added 2026/05/27 3:54 a.m.•35 views

TBK DVR4104/DVR4216 Devices - Authentication Bypass

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin"...

9.8CVSS7.4AI score0.94141EPSS

Exploits13References5

RedhatCVE•added 2026/05/26 8:14 p.m.•9 views

CVE-2026-47070

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

6.1CVSS5.8AI score0.00027EPSS

Exploits1References1

NVD•added 2026/05/25 3:16 p.m.•11 views

CVE-2026-47070

6.1CVSS0.00027EPSS

Exploits1References4

ATTACKERKB•added 2026/05/25 2:0 p.m.•6 views

CVE-2026-47070

9.8CVSS6.8AI score0.03854EPSS

Exploits1References5Affected Software1

OSV•added 2026/05/25 2:0 p.m.•4 views

EEF-CVE-2026-47070 HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney

Summary Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3...

6CVSS5.8AI score0.00027EPSS

Exploits1References4

Cvelist•added 2026/05/25 2:0 p.m.•29 views

CVE-2026-47070 HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney

6CVSS0.00027EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by