17 matches found
CVE-2026-7930
Insufficient validation of untrusted input in Cookies in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-7930
Insufficient validation of untrusted input in Cookies in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...
Security update for python3
This update for python3 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969...
Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1600)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1600 advisory. The import hook in CPython that handles legacy .pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code to read the .pyc files. sys.aud...
OESA-2026-1902 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
Medium: python
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output...
TencentOS Server 3: mod_auth_openidc:2.3 (TSSA-2024:0762)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0762 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2025-55847
Wavlink M86X3AV240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service D...
CVE-2023-1650
The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog...
PT-2022-19740 · Linglong · Linglong
Name of the Vulnerable Software and Affected Versions: Linglong version 1.0 Description: An access control issue allows attackers to access the background of the application via a crafted cookie. Recommendations: For Linglong version 1.0, consider restricting access to sensitive areas of the...
Engel & Völkers Technology GmbH: XSS reflected
Summary: Cookie input nbu2 was set to "alert9536" and the input is reflected inside a tag between single quotes. Steps To Reproduce: 1. go to https://www.engelvoelkers.com/en/search/ 1. change parameter nbu2 in Cookie to :- "alert9536" 1. now check the response alerting 9536 in popup window...
SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability
No description provided by source. SetSeed CMS 5.8.20 loggedInUser Remote SQL Injection Vulnerability Vendor: SetSeed Product web page: http://www.setseed.com Affected version: 5.8.20 Summary: SetSeed is a self-hosted CMS which lets you rapidly build and deploy complete websites and online stores...
Twister Peer-To-Peer Microblogging Information Disclosure
TWISTER Peer-To-Peer microblogging Multiples Application Error Message and disclosing sensitive information TIME-LINE VULNERABILITY Multiples Advisorie...
SetSeed CMS 5.8.20 (loggedInUser) remote sql injection flaws and fixes-vulnerability warning-the black bar safety net
SetSeed CMS 5.8.20 loggedInUser Remote SQL Injection Vulnerability Developer: SetSeed Program official: http://www.setseed.com Affected version: 5.8.20 Summary: SetSeed is a self-hosted CMS which lets you rapidly build and deploy complete websites and online stores for your clients. Description:...
SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability
Summary SetSeed is a self-hosted CMS which lets you rapidly build and deploy complete websites and online stores for your clients. Description SetSeed CMS is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the vulnerable script using the cookie input...
SetSeed CMS 5.8.20 - loggedInUser SQL Injection
SetSeed CMS 5.8.20 - loggedInUser SQL Injection SetSeed CMS 5.8.20 loggedInUser Remote SQL Injection Vulnerability Vendor: SetSeed Product web page: http://www.setseed.com Affected version: 5.8.20 Summary: SetSeed is a self-hosted CMS which lets you rapidly build and deploy complete websites and...
SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability
Exploit for php platform in category web applications SetSeed CMS 5.8.20 loggedInUser Remote SQL Injection Vulnerability Vendor: SetSeed Product web page: http://www.setseed.com Affected version: 5.8.20 Summary: SetSeed is a self-hosted CMS which lets you rapidly build and deploy complete website...