
76 matches found

Nuclei
added 13 hours ago | 34 views

SafeGuard for Privileged Passwords < 7.5.2 - Authentication Bypass

One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations VMware or HyperV. The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2. id: CVE-2024-45488 info: name: SafeGuard for...

CVSS 9.8 | AI score 5.9 | EPSS 0.50172
Exploits: 0 | References: 5

CVE
added 2026/06/03 1:16 p.m. | 30 views

CVE-2026-6873

CVE-2026-6873 affects Django 6.0 before 6.0.6 and 5.2 before 5.2.15. The issue is a non-injective salt derivation in django.http.HttpRequest.get_signed_cookie that concatenates the cookie name and salt argument, enabling a remote attacker to use a signed cookie in a context different from where i...

CVSS 4.3 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2026/05/19 1:27 p.m. | 9 views

Moderate: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 8.7 | AI score 7.2 | EPSS 0.00375
Exploits: 0 | References: 3

Amazon
added 2026/05/14 12:0 a.m. | 10 views

Medium: python-tornado

Issue Overview: In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters. CVE-2026-35536 Affected Packages: python-tornado Note: This advisory is applicable to Amazon Linux...

CVSS 7.2 | AI score 5.8 | EPSS 0.00237
Exploits: 0

Tenable Nessus
added 2026/04/30 12:0 a.m. | 6 views

Amazon Linux 2023 : python3.13-tornado (ALAS2023-2026-1588)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1588 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters. CVE-2026-35536...

CVSS 7.2 | AI score 5.8 | EPSS 0.00237
Exploits: 0 | References: 4

IBM Security Bulletins
added 2026/03/05 1:53 p.m. | 12 views

Security Bulletin: Security vulnerabilities found in the Red Hat Universal Minimal Base Image shipped with CICS Transaction Gateway for Multiplatforms

Summary Security vulnerabilities found in the Red Hat Universal Base Image Minimal shipped with CICS Transaction Gateway for Multiplatforms. This fix resolves these vulnerability CVE-2025-9230, CVE-2025-9086, CVE-2025-9230. Vulnerability Details CVEID:CVE-2025-11083 DESCRIPTION: A vulnerability h...

CVSS 7.8 | AI score 5.5 | EPSS 0.0177
Exploits: 2 | Affected Software: 1

OSV
added 2026/03/04 4:16 p.m. | 3 views

CVE-2025-59786

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

CVSS 9.8 | AI score 5.8 | EPSS 0.00254
Exploits: 0 | References: 1

Cvelist
added 2026/03/04 3:30 p.m. | 29 views

CVE-2025-59786 Cookies are not Invalidated upon Logout and Password Change

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

CVSS 6 | EPSS 0.00254
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:50 a.m. | 5 views

CVE-2020-24713

Gophish through 0.10.1 does not invalidate the gophish cookie upon logout...

CVSS 7.5 | AI score 7 | EPSS 0.01142
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:43 a.m. | 8 views

CVE-1999-0809

Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed"...

CVSS 5 | AI score 6.9 | EPSS 0.01403
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:10 a.m. | 14 views

CVE-2019-16674

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network...

CVSS 9.8 | AI score 6.9 | EPSS 0.01873
Exploits: 0 | References: 1

UbuntuCve
added 2026/01/06 12:0 a.m. | 3 views

CVE-2025-69230

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...

CVSS 6.9 | AI score 7 | EPSS 0.00332
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/29 12:0 a.m. | 5 views

Alibaba Cloud Linux 3 : 0199: curl (ALINUX3-SA-2025:0199)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0199 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-9086: 1. A cookie is set using the secure...

CVSS 7.5 | AI score 6.3 | EPSS 0.01301
Exploits: 1 | References: 2

Oracle linux
added 2025/12/18 12:0 a.m. | 7 views

curl security update

7.61.1-34.el810.9 - cookie: don't treat the leading slash as trailing CVE-2025-9086 Resolves: RHEL-121655...

CVSS 7.5 | AI score 7.1 | EPSS 0.01301
Exploits: 1

Tenable Nessus
added 2025/11/12 12:0 a.m. | 4 views

EulerOS 2.0 SP10 : curl (EulerOS-SA-2025-2382)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname,...

CVSS 7.5 | AI score 6.4 | EPSS 0.01301
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-0593

Malware in sbrugna...

CVSS 6.3 | AI score 6.5 | EPSS 0.00689
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-0270

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.00939
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2007-1569

Malware in sbrugna...

CVSS 7.5 | AI score 6.2 | EPSS 0.02021
Exploits: 0 | References: 9

EUVD
added 2025/10/07 12:30 a.m. | 13 views

EUVD-2021-1897

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01485
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-0278

Malware in sbrugna...

CVSS 10 | AI score 8.8 | EPSS 0.01293
Exploits: 0 | References: 4