CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

NCSC•added 2026/05/30 10:52 a.m.•15 views

Vulnerability handling in Palo Alto Networks PAN-OS and Prisma Access

Palo Alto Networks has identified a vulnerability in the PAN-OS’ GlobalProtect portal and gateway components. An unauthorized malicious actor can exploit this vulnerability to establish a VPN connection. As a result, the malicious actor gains access to internal systems that are accessible via the...

9.1CVSS6.1AI score0.86678EPSS

Exploits9References2

The Hacker News•added 2026/05/30 6:41 a.m.•15 views

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 CVSS score: 7.8, refers to a case of authentication bypass that could be exploited b...

9.1CVSS5.9AI score0.86678EPSS

Exploits9

OSV•added 2026/05/04 1:12 p.m.•5 views

JLSEC-2026-435 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or...

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...

7.5CVSS6.6AI score0.01301EPSS

Exploits1References7

Snyk•added 2026/04/08 12:17 a.m.•2 views

Improper Input Validation

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Input Validation via the getCookie function. An attacker can override legitimate cookies and bypass prefix protections by setting cookies with non-breaking space prefixes, leadin...

6.3CVSS5.8AI score0.00284EPSS

Exploits0References2

Github Security Blog•added 2026/03/17 4:17 p.m.•11 views

Elysia Cookie Value Prototype Pollution

Impact Elysia cookie can be overridden by prototype pollution , eg. proto Sending cookie with the follows name can override cookie value: bash proto=%7B%22injected%22%3A%22polluted%22%7D Patches Patched by 1.4.27 Workarounds 1. Use t.Cookie validation to enforce validation value 2. Prevent iterab...

6.5CVSS5.8AI score0.00232EPSS

Exploits0References4Affected Software1

RedHat Linux•added 2026/01/28 10:9 a.m.•4 views

curl: libcurl: Curl out of bounds read for cookie path

An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site...

7.5CVSS5.8AI score0.01301EPSS

Exploits1References8

RedHat Linux•added 2026/01/27 3:26 p.m.•6 views

curl: libcurl: Curl out of bounds read for cookie path

7.5CVSS5.8AI score0.01301EPSS

Exploits1References8

RedHat Linux•added 2025/12/11 1:44 p.m.•4 views

curl: libcurl: Curl out of bounds read for cookie path

7.5CVSS5.8AI score0.01301EPSS

Exploits1References8

RedHat Linux•added 2025/12/11 1:0 p.m.•4 views

curl: libcurl: Curl out of bounds read for cookie path

7.5CVSS5.8AI score0.01301EPSS

Exploits1References8

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-29014

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.01301EPSS

Exploits1References4

OSV•added 2025/09/12 6:15 a.m.•4 views

CVE-2025-9086

7.5CVSS6.3AI score0.01301EPSS

Exploits1References5

OSV•added 2025/09/12 6:15 a.m.•3 views

DEBIAN-CVE-2025-9086

7.5CVSS6.8AI score0.01301EPSS

Exploits1References1

Snyk•added 2025/09/12 5:42 a.m.•4 views

Out-of-bounds Read

Overview curl is a command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP. libcurl offers a myriad of...

7.5CVSS6.7AI score0.01301EPSS

Exploits1References2

AlpineLinux•added 2025/09/12 5:10 a.m.•2 views

CVE-2025-9086

7.5CVSS6.4AI score0.01301EPSS

Exploits1

Cvelist•added 2025/09/12 5:10 a.m.•8 views

CVE-2025-9086 Out of bounds read for cookie path

0.01301EPSS

Exploits1References3

CVE•added 2025/09/12 5:10 a.m.•68 views

CVE-2025-9086

CVE-2025-9086 affects curl’s curl/libcurl component. Reports indicate an out-of-bounds read when handling a cookie path for a secure cookie, which can cause a crash or potentially allow memory-read conditions. The vulnerability is documented across multiple advisories and vendor pages, including ...

7.5CVSS6.2AI score0.01301EPSS

Exploits1References7Affected Software1

Vulnrichment•added 2025/09/12 5:10 a.m.•4 views

CVE-2025-9086 Out of bounds read for cookie path

6.2AI score0.01301EPSS

Exploits1References3

SUSE CVE•added 2025/09/10 11:27 p.m.•3 views

SUSE CVE-2025-9086

7.5CVSS6.4AI score0.01301EPSS

Exploits1References15

OSV•added 2025/09/10 8:0 a.m.•1 views

CURL-CVE-2025-9086 Out of bounds read for cookie path

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with only a slash as path path="/". Since this site is not...

7.5CVSS6.6AI score0.01301EPSS

Exploits1

OSV•added 2025/09/10 7:0 a.m.•3 views

UBUNTU-CVE-2025-9086

7.5CVSS6.6AI score0.01301EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by