Lucene search
+L

670 matches found

cve
cve
added 3 days ago12 views

CVE-2026-15076

Vulnerability context: CVE-2026-15076 affects Eclipse Vert.x Web Client’s WebClientSession (versions up to 4.5.29 and 5.1.4). The issue is that the Domain attribute of a Set-Cookie header is not validated against the originating server’s domain. Root cause: WebClientSession stores cookies without...

8.2CVSS6.1AI score0.00157EPSS
Exploits0References1Affected Software1
osv
osv
added 3 days ago3 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score0.00157EPSS
Exploits0References4
cvelist
cvelist
added 3 days ago28 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS0.00157EPSS
Exploits0References1
attackerkb
attackerkb
added 3 days ago4 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score0.00157EPSS
Exploits0References2Affected Software1
nvd
nvd
added last week9 views

CVE-2026-56813

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS0.00146EPSS
Exploits0References4
osv
osv
added last week4 views

CVE-2026-56813 Cookie attribute injection in Plug.Conn.Cookies.encode/2

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS6.1AI score0.00146EPSS
Exploits0References9
susecve
susecve
added 2026/07/10 3:20 a.m.4 views

SUSE CVE-2026-8924

A flaw in curl's cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

8.1CVSS6.1AI score0.00649EPSS
Exploits1References8
nessus
nessus
added 2026/07/10 12:0 a.m.7 views

libcurl 7.46.0 < 8.21.0 Super Cookie PSL Bypass (CVE-2026-8924)

The version of libcurl installed on the remote host is 7.46.0 prior to 8.21.0. It is, therefore, affected by a cookie injection vulnerability: - A flaw in curl's cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an...

9.1CVSS6.1AI score0.00649EPSS
Exploits1References2
cvelist
cvelist
added 2026/07/08 3:56 p.m.36 views

CVE-2026-59883 Guzzle: Cookie Disclosure and Injection via IP-Address Domains

Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain applied ordinary suffix matching to domains such as 192.168.0.1, ::1, or 1, allowing...

4.7CVSS0.00115EPSS
Exploits0References4
cve
cve
added 2026/07/08 3:56 p.m.16 views

CVE-2026-59883

CVE-2026-59883 – Guzzle: CookieJar domain-matching flaw in the PHP HTTP client allowed cookies scoped to IP-address or bare-numeric domains (e.g., 192.168.0.1, ::1) to be accepted by non-origin hosts due to SetCookie::matchesDomain() applying ordinary suffix matching. Affects versions prior to 7....

6.1CVSS6AI score0.00115EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/07/08 3:56 p.m.4 views

CVE-2026-59883 Guzzle: Cookie Disclosure and Injection via IP-Address Domains

Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain applied ordinary suffix matching to domains such as 192.168.0.1, ::1, or 1, allowing...

4.7CVSS6.1AI score0.00115EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/07/08 8:21 a.m.4 views

CVE-2026-55688

A flaw was found in the AsyncHttpClient AHC library. The ThreadSafeCookieStore component did not properly verify the domain attribute of cookies, allowing a malicious host to set a cookie for an unrelated domain. This cookie would then be sent by the client in subsequent requests to the targeted...

4CVSS5.8AI score0.00179EPSS
Exploits0References5
euvd
euvd
added 2026/07/03 6:15 a.m.7 views

EUVD-2026-41505

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

6AI score0.00649EPSS
Exploits1References3
cvelist
cvelist
added 2026/07/03 6:15 a.m.76 views

CVE-2026-8924 trailing dot domain super cookie

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

0.00649EPSS
Exploits1References3
osv
osv
added 2026/07/01 8:17 p.m.4 views

DEBIAN-CVE-2026-55688

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS5.8AI score0.00179EPSS
Exploits0References1
osv
osv
added 2026/07/01 8:17 p.m.4 views

UBUNTU-CVE-2026-55688

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS5.8AI score0.00179EPSS
Exploits0References4
debiancve
debiancve
added 2026/07/01 7:40 p.m.7 views

CVE-2026-55688

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS5.8AI score0.00179EPSS
Exploits0
osv
osv
added 2026/07/01 7:40 p.m.6 views

CVE-2026-55688 AsyncHttpClient: Cookie stored for an unrelated domain (cookie tossing) via ThreadSafeCookieStore

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS6AI score0.00179EPSS
Exploits0References4
osv
osv
added 2026/06/30 9:6 a.m.3 views

SUSE-SU-2026:2695-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...

9.8CVSS6.1AI score0.02806EPSS
Exploits3References39
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.13 views

PT-2026-54436

Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description An issue exists where cookie values processed by the login.pl and debug.pl scripts are incorporated directly into database queries without adequate sanitization. This...

9.3CVSS5.9AI score0.00406EPSS
Exploits0References5
Rows per page
Query Builder