Lucene search
K

192 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.12 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Apache HTTP Server vulnerability (USN-8384-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8384-1 advisory. It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attack...

7.5CVSS5.4AI score0.11471EPSS
Exploits8References2
OSV
OSV
added 2026/06/04 12:29 p.m.9 views

USN-8384-1 apache2 vulnerability

It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume excessive resources, resulting in a denial of service...

7.5CVSS5.8AI score0.11471EPSS
Exploits8References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46876

It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume excessive resources, resulting in a denial of service...

5.8AI score0.11471EPSS
Exploits8References3
Rosalinux
Rosalinux
added 2026/06/01 11:49 a.m.51 views

Advisory ROSA-SA-2026-3307

Software: python-future 0.18.2 Operating System: ROSA-CHROME Unaffected versions: = python-future-0.18.2-4 Affected versions: python-future-0.18.2-4 CVE-ID: CVE-2022-40899 BDU-ID: 2023-02446 CVE-Crit: HIGH CVE-DESCRIPTION: The compatibility vulnerability in Python Charmers Future is related to...

7.5CVSS5.8AI score0.01804EPSS
Exploits1
Snyk
Snyk
added 2026/05/28 6:24 p.m.11 views

HTTP Response Splitting

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Response Splitting via the serialize function. An attacker can inject arbitrary attributes into the Set-Cookie response header by supplying crafted input to the sameSite or priority...

5.3CVSS5.9AI score0.00216EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Hono 安全漏洞

Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.12.21 contained security vulnerabilities. These vulnerabilities stemmed from the serialize function not verifying the sameSite and priority options. This could allow the application to pass...

5.3CVSS5.8AI score0.00216EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.17 views

TencentOS Server 3: python3.12 (TSSA-2026:0389)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0389 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.1CVSS6.9AI score0.01279EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2026/05/25 2:0 p.m.13 views

CVE-2026-47069 CRLF injection in cookie domain/path options in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...

2.1CVSS6AI score0.00374EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/18 4:42 p.m.10 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview org.asynchttpclient:async-http-client is a maven plugin for the Async Http Client AHC classes. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the propagatedHeaders method during cross-origin redirects,...

7.4CVSS5.8AI score0.00322EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/14 3:58 p.m.86 views

CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

7CVSS0.00505EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

Cowlib 注入漏洞

Cowlib is a web protocol message parsing and building library developed by Nine Nines. Version 2.9.0 of cowlib contains an injection vulnerability. This vulnerability stems from the cowcookie:cookie/1 function in cowlib, which constructs client Cookie request headers based on a list of name-value...

3.2CVSS5.8AI score0.00145EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.45 views

Traefik < 2.11.44 / 3.x < 3.6.15 Information Disclosure (GHSA-p6hg-qh38-555r)

The version of Traefik installed on the remote macOS host is prior to 2.11.44 or 3.x prior to 3.6.15. It is, therefore, affected by an information disclosure vulnerability: - Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service. CVE-2026-41181 Note...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/07 1:49 a.m.30 views

Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

Summary The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. This vulnerability is present in the RedirectHandlers...

7CVSS5.9AI score0.00505EPSS
Exploits0References3Affected Software5
OSV
OSV
added 2026/05/05 4:16 p.m.12 views

PYSEC-2026-50

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSIONSAVEEVERYREQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django serie...

6.5CVSS5.8AI score0.00544EPSS
Exploits0References4
OSV
OSV
added 2026/05/04 1:12 p.m.7 views

JLSEC-2026-392

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...

4.3CVSS6.7AI score0.26915EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: python3 (UTSA-2026-014307)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014307 advisory. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters...

6CVSS5.2AI score0.00401EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.11 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1583)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1583 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

7.5CVSS6.8AI score0.00621EPSS
Exploits0References18
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.5 views

CVE-2026-34518

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. When AIOHTTP follows redirects to a different origin, it incorrectly retains sensitive Cookie and Proxy-Authorization headers. This oversight could lead to information disclosure, where these headers...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/01 8:15 p.m.2 views

CVE-2026-34518 AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/23 9:44 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the getChunkedCookieCount function. An attacker can cause the server to enter an inefficient cleanup...

8.7CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder