CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

333 matches found

DEBIAN-CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.8AI score

Exploits0References1

ATTACKERKB•added 2 days ago•4 views

CVE-2026-43625

CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive...

8.2CVSS5.8AI score0.00021EPSS

Exploits0References5

RedHat Linux•added 2 days ago•7 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.8AI score0.00014EPSS

Exploits1References5

Positive Technologies•added 2 days ago•8 views

PT-2026-45519

8.2CVSS5.8AI score0.00021EPSS

Exploits0References5

CNNVD•added 2 days ago•2 views

CodexBar security vulnerabilities

CodexBar is an AI programming service usage monitoring tool developed by Peter Steinberger. Versions of CodexBar prior to 0.32.0 contained security vulnerabilities. These vulnerabilities were caused by a session cookie leakage issue, which could allow network attackers to exploit the improper...

8.2CVSS5.8AI score0.00021EPSS

Exploits0References4

RedHat Linux•added 6 days ago•4 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

8.2CVSS5.8AI score0.00014EPSS

Exploits1References5

Tenable Nessus•added 2026/05/22 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-8706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive...

6.5CVSS6AI score0.00019EPSS

Exploits0References2

OSV•added 2026/05/21 2:36 p.m.•2 views

CLSA-2026-1779357790 curl: Fix of 2 CVEs

CVE-2026-5773: wrong reuse of SMB connection; disable connection reuse for SMBS so a subsequent transfer cannot wrongfully reuse a pooled connection to a different share - CVE-2026-6276: clear stale custom-Host cookiehost between requests on the same easy handle cookie leak across origins...

7.5CVSS5.8AI score0.00019EPSS

Exploits2References1

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в pypy

In the http.cookiejar.py module of Python, prior to version 3.7.3, the domain validation mechanism was not properly implemented. This vulnerability could allow existing cookies to be sent to the wrong server. Attackers could exploit this flaw by using a server whose hostname contains another vali...

5.3CVSS6.7AI score0.01665EPSS

Exploits1References1

OSV•added 2026/05/18 4:42 p.m.•3 views

GHSA-FMXF-PM6P-7XGM async-http-client: Cookie header not stripped on cross-origin redirect

Summary async-http-client leaks Cookie headers to cross-origin redirect targets. When following a redirect across a security boundary different origin, or HTTPS→HTTP downgrade, the propagatedHeaders method in Redirect30xInterceptor.java strips Authorization and Proxy-Authorization headers but doe...

7.4CVSS5.8AI score

Exploits0References4

RedhatCVE•added 2026/05/13 8:23 p.m.•4 views

CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00035EPSS

Exploits0References1

CVE•added 2026/05/13 8:28 a.m.•10 views

CVE-2026-6276

CVE-2026-6276 affects libcurl: if a custom Host header is initially set for an HTTP request and a subsequent request on the same easy handle is made without the Host header, the second request can reuse stale host information and leak cookies intended for the first host. The issue manifests as a ...

7.5CVSS5.8AI score0.00013EPSS

Exploits1References4Affected Software1

Debian CVE•added 2026/05/13 8:28 a.m.•6 views

CVE-2026-6276

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

7.5CVSS5.8AI score0.00013EPSS

Exploits1

EUVD•added 2026/05/13 8:28 a.m.•7 views

EUVD-2026-29928

7.5CVSS5.8AI score0.00013EPSS

Exploits1References3

CNNVD•added 2026/05/13 12:0 a.m.•4 views

libcurl 安全漏洞

libcurl is a free and easy-to-use client URL transfer library for cURL, which is open-source. There is a security vulnerability in libcurl, caused by improper handling of custom Host headers. This vulnerability may lead to the incorrect transmission of cookies from the first request during the...

7.5CVSS5.8AI score0.00013EPSS

Exploits1References1

OSV•added 2026/05/12 6:17 p.m.•3 views

DEBIAN-CVE-2026-42177

5.3CVSS5.8AI score0.00035EPSS

Exploits0References1