Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.8 views

CVE-2026-47070

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

9.8CVSS6.8AI score0.08031EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/15 4:27 p.m.7 views

CVE-2026-41181 Traefik: Errors middleware forwards Authorization and Cookie headers to separate error page service

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References4
Tenable Nessus
Tenable Nessusadded 2026/01/20 12:0 a.m.2 views

MiracleLinux 9 : fence-agents-4.10.0-55.el9_3.2.ML.1 (AXSA:2023-7064:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7064:07 advisory. python-certifi: Removal of e-Tugra root certificate CVE-2023-37920 python-urllib3: Cookie request header isn't stripped during cross-origin redirect...

9.8CVSS7.6AI score0.01207EPSS
Exploits0References3
Veracode
Veracodeadded 2026/01/13 8:0 a.m.6 views

Sensitive Information Disclosure

Sentry-Javascript is vulnerable to Sensitive Information Disclosure. The vulnerability is due to over-collection of sensitive HTTP headers when sendDefaultPii is enabled, where headers such as Cookie can be sent to and stored in Sentry traces, allowing users with access to the Sentry organization...

5CVSS6.8AI score0.00287EPSS
Exploits0References3Affected Software12
OSV
OSVadded 2025/11/24 9:52 p.m.4 views

GHSA-6465-JGVQ-JHGP Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true`

Impact In version 10.11.0, a change to how the SDK collects request data in Node.js applications caused certain incoming HTTP headers to be added as trace span attributes. When sendDefaultPii: true was set, a few headers that were previously redacted - including Authorization and Cookie - were...

5CVSS6.5AI score0.00287EPSS
Exploits0References9
OSV
OSVadded 2022/06/10 12:15 a.m.1 views

DEBIAN-CVE-2022-31042

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

7.5CVSS7.3AI score0.01808EPSS
Exploits0References1
RedHat Linux
RedHat Linuxadded 2020/01/23 4:30 a.m.3 views

jenkins: Diagnostic web page exposed Cookie HTTP header

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly...

5.4CVSS5.9AI score0.65753EPSS
Exploits0References4
Rows per page
Query Builder