
75 matches found

CVE
added yesterday, 5 views

CVE-2026-6873

Django vulnerability CVE-2026-6873 affects Django 6.0 before 6.0.6 and 5.2 before 5.2.15. The issue is in django.http.HttpRequest.get_signed_cookie, where a non-injective salt derivation (concatenating the cookie name and salt argument) allows a remote attacker to use a cookie in a context differ...

CVSS 3.1, AI score 5.8
Exploits: 0, References: 3

Nuclei
added 6 days ago, 27 views

SafeGuard for Privileged Passwords < 7.5.2 - Authentication Bypass

One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations VMware or HyperV. The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2. id: CVE-2024-45488 info: name: SafeGuard for...

CVSS 9.8, AI score 5.8, EPSS 0.86859
Exploits: 0, References: 5

RedHat Linux
added 2026/05/19 1:27 p.m., 4 views

Moderate: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 8.7, AI score 7.2, EPSS 0.00028
Exploits: 0, References: 3

Amazon
added 2026/05/14 12:00 a.m., 6 views

Medium: python-tornado

Issue Overview: In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters. CVE-2026-35536 Affected Packages: python-tornado Note: This advisory is applicable to Amazon Linux...

CVSS 7.2, AI score 5.8, EPSS 0.00018
Exploits: 0

Tenable Nessus
added 2026/04/30 12:00 a.m., 3 views

Amazon Linux 2023 : python3.13-tornado (ALAS2023-2026-1588)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1588 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters. CVE-2026-35536...

CVSS 7.2, AI score 5.8, EPSS 0.00018
Exploits: 0, References: 4

IBM Security Bulletins
added 2026/03/05 1:53 p.m., 8 views

Security Bulletin: Security vulnerabilities found in the Red Hat Universal Minimal Base Image shipped with CICS Transaction Gateway for Multiplatforms

Summary Security vulnerabilities found in the Red Hat Universal Base Image Minimal shipped with CICS Transaction Gateway for Multiplatforms. This fix resolves these vulnerability CVE-2025-9230, CVE-2025-9086, CVE-2025-9230. Vulnerability Details CVEID:CVE-2025-11083 DESCRIPTION: A vulnerability h...

CVSS 7.8, AI score 5.5, EPSS 0.00275
Exploits: 2, Affected Software: 1

OSV
added 2026/03/04 4:16 p.m., 1 view

CVE-2025-59786

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 1

Cvelist
added 2026/03/04 3:30 p.m., 26 views

CVE-2025-59786 Cookies are not Invalidated upon Logout and Password Change

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

CVSS 6, EPSS 0.00065
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:50 a.m., 3 views

CVE-2020-24713

Gophish through 0.10.1 does not invalidate the gophish cookie upon logout...

CVSS 7.5, AI score 7, EPSS 0.0036
Exploits: 1, References: 1

RedhatCVE
added 2026/01/07 9:43 a.m., 5 views

CVE-1999-0809

Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed"...

CVSS 5, AI score 6.9, EPSS 0.0061
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:10 a.m., 5 views

CVE-2019-16674

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network...

CVSS 9.8, AI score 6.9, EPSS 0.00548
Exploits: 0, References: 1

UbuntuCve
added 2026/01/06 12:00 a.m., 2 views

CVE-2025-69230

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...

CVSS 6.9, AI score 7, EPSS 0.00011
Exploits: 0, References: 3

Tenable Nessus
added 2025/12/29 12:00 a.m., 2 views

Alibaba Cloud Linux 3 : 0199: curl (ALINUX3-SA-2025:0199)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0199 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-9086: 1. A cookie is set using the secure...

CVSS 7.5, AI score 6.3, EPSS 0.00275
Exploits: 1, References: 2

Oracle linux
added 2025/12/18 12:00 a.m., 5 views

curl security update

7.61.1-34.el810.9 - cookie: don't treat the leading slash as trailing CVE-2025-9086 Resolves: RHEL-121655...

CVSS 7.5, AI score 7.1, EPSS 0.00275
Exploits: 1

Tenable Nessus
added 2025/11/12 12:00 a.m., 2 views

EulerOS 2.0 SP10 : curl (EulerOS-SA-2025-2382)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname,...

CVSS 7.5, AI score 6.4, EPSS 0.00275
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-4344

Malware in sbrugna...

CVSS 8.8, AI score 9, EPSS 0.00274
Exploits: 0, References: 9

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2012-6003

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.0169
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2007-1569

Malware in sbrugna...

CVSS 7.5, AI score 6.2, EPSS 0.01266
Exploits: 0, References: 9

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-0593

Malware in sbrugna...

CVSS 6.3, AI score 6.5, EPSS 0.00113
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-0278

Malware in sbrugna...

CVSS 10, AI score 8.8, EPSS 0.00296
Exploits: 0, References: 4