Lucene search
K

191 matches found

CNNVD
CNNVD
added 2026/03/04 12:0 a.m.11 views

Hono 安全漏洞

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.4 contained security vulnerabilities. These vulnerabilities stemmed from the setCookie tool, which did not validate the semicolons, line breaks, or newlines in the domain and path parameters when...

5.4CVSS5.8AI score0.00216EPSS
Exploits0References2
OSV
OSV
added 2026/02/19 10:32 a.m.4 views

SUSE-SU-2026:20543-1 Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.12. Security issues fixed: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2025-15282: user-controlled data URLs parsed may...

6CVSS7.5AI score0.0056EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.8 views

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1444)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1444 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

6CVSS7.1AI score0.0056EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.6 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Python vulnerabilities (USN-8018-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8018-1 advisory. Denis Ledoux discovered that Python incorrectly parsed email message headers. An...

6.3CVSS7.3AI score0.00708EPSS
Exploits0References9
Ubuntu
Ubuntu
added 2026/02/05 6:18 p.m.10 views

USN-8018-1: Python vulnerabilities

Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this issue to inject arbitrary headers into email messages. This issue only affected python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and...

6.3CVSS7.8AI score0.00708EPSS
Exploits0
OSV
OSV
added 2026/02/05 2:5 p.m.5 views

USN-8018-1 python3.14, python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4 vulnerabilities

Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this issue to inject arbitrary headers into email messages. This issue only affected python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and...

6.3CVSS7.3AI score0.00708EPSS
Exploits0References9
Snyk
Snyk
added 2026/01/20 6:58 p.m.4 views

Insufficient Session Expiration

Overview @hotwired/turbo is a The speed of a single-page web application without having to write any JavaScript Affected versions of this package are vulnerable to Insufficient Session Expiration due to a race condition. An attacker can cause stale session cookies to be restored by delaying HTTP...

6.3CVSS5.5AI score0.00242EPSS
Exploits1References3
Snyk
Snyk
added 2026/01/05 11:13 p.m.7 views

Logging of Excessive Data

Overview Affected versions of this package are vulnerable to Logging of Excessive Data via the cookies attribute. An attacker can generate excessive warning-level log entries by sending specially crafted Cookie headers. Remediation Upgrade aiohttp to version 3.13.3 or higher. References - GitHub...

6.9CVSS6.8AI score0.00332EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-5527

Malware in sbrugna...

9.8CVSS9.4AI score0.0312EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-3028

Malware in sbrugna...

5.3CVSS7.4AI score0.01765EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-17298

Malicious code in bioql PyPI...

6.1CVSS8AI score0.00743EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-6032

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.0182EPSS
Exploits0References10
Snyk
Snyk
added 2025/09/26 12:0 a.m.2 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the cookie date formatting process. An attacker can access sensitive memory contents by sending specially crafted cookie headers. Remediation There is no fixed version for libsoup. References - Gitlab Issue - Red...

8.7CVSS6.9AI score0.00594EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-27776

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host...

6.5CVSS6.5AI score0.03425EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-31042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https...

7.5CVSS7.1AI score0.0182EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/03/24 10:39 a.m.10 views

python-tornado: Tornado has HTTP cookie parsing DoS vulnerability

A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to Quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...

7.5CVSS5.8AI score0.01051EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/03/24 10:39 a.m.7 views

python-tornado: Tornado has HTTP cookie parsing DoS vulnerability

A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to Quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...

7.5CVSS5.8AI score0.01051EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2013-6167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote...

6.8CVSS8.2AI score0.01636EPSS
Exploits0References2
OSV
OSV
added 2025/02/07 4:15 p.m.9 views

CVE-2024-57249

Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses...

6.5CVSS5.8AI score0.00481EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2025/02/05 5:59 p.m.10 views

CVE-2019-14300

Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is...

9.8CVSS7.6AI score0.0312EPSS
Exploits0References1
Rows per page
Query Builder