Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-20997

Malicious code in bioql PyPI...

7.5CVSS6.3AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3462

Malicious code in bioql PyPI...

7.4CVSS7.3AI score0.00768EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2024-12397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an...

7.4CVSS6.8AI score0.00768EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 12:0 a.m.326 views

CVE-2025-27219

CVE-2025-27219 : In the CGI gem for Ruby, the CGI::Cookie.parse method (Ruby CGI library) has a Denial of Service vulnerability due to no limit on the length of the raw cookie value processed. This can lead to excessive resource consumption when parsing extremely large cookies. Connected referenc...

7.5CVSS5.6AI score0.00784EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/01/17 3:5 p.m.16 views

BIT-PYTHON-MIN-2024-7592 Quadratic complexity parsing cookies with backslashes

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

7.5CVSS6.6AI score0.02303EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2024/12/16 12:0 a.m.29 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2024-790)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-790 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot...

9.8CVSS7.6AI score0.27095EPSS
Exploits7References16
NVD
NVD
added 2024/12/12 9:15 a.m.16 views

CVE-2024-12397

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...

7.4CVSS0.00768EPSS
Exploits0References5
OSV
OSV
added 2024/11/22 4:15 p.m.8 views

AZL-53624 CVE-2024-52804 affecting package python-tornado 6.2.0-1

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...

7.5CVSS7.3AI score0.01051EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/05/08 2:25 p.m.6 views

undertow: Cookie Smuggling/Spoofing

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

7.4CVSS5.8AI score0.01117EPSS
Exploits0References4
OSV
OSV
added 2023/02/15 3:37 p.m.2 views

GHSA-PX8H-6QXV-M22Q Incorrect parsing of nameless cookies leads to __Host- cookies bypass

Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain. Werkzeug = 2.2.2 will parse the cookie =Host-test=bad as...

2.6CVSS6.3AI score0.00507EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2023/02/14 7:56 p.m.7 views

CVE-2023-23934 Wrkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass

Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain...

2.6CVSS5.4AI score0.00507EPSS
Exploits0References5
Rows per page
Query Builder