Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

43 matches found

OSV
OSVadded 2026/05/11 9:31 p.m.2 views

GHSA-G2WM-735Q-3F56 cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

2.1CVSS5.9AI score0.00022EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2026/05/11 9:31 p.m.4 views

cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

3.2CVSS6AI score0.00022EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/05/11 9:31 p.m.4 views

EUVD-2026-29193

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

2.1CVSS6AI score0.00022EPSS
Exploits0References4
NVD
NVDadded 2026/05/11 7:16 p.m.5 views

CVE-2026-43969

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

3.2CVSS0.00022EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/11 6:6 p.m.3 views

CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

2.1CVSS6AI score0.00022EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/11 6:6 p.m.27 views

CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

2.1CVSS0.00022EPSS
Exploits0References3
OSV
OSVadded 2026/05/11 6:6 p.m.0 views

EEF-CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value...

2.1CVSS6AI score0.00022EPSS
Exploits0References3
CVE
CVEadded 2026/05/11 6:6 p.m.5 views

CVE-2026-43969

CVE-2026-43969 affects the Erlang/Elixir cowlib project (cow_cookie:cookie/1). The encoder builds a client-side Cookie header from name-value pairs without validating characters, allowing an attacker-controlled cookie name or value to inject CR, LF, semicolon, comma, or TAB. This enables cookie s...

3.2CVSS6AI score0.00022EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVEadded 2026/05/11 6:6 p.m.6 views

CVE-2026-43969

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

3.2CVSS6AI score0.00022EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2026/05/11 12:0 a.m.4 views

PT-2026-39727

Name of the Vulnerable Software and Affected Versions cowlib versions 2.9.0 and later Description Improper Neutralization of CRLF Sequences CRLF Injection occurs when the cow cookie:cookie/1 function builds a client-side Cookie request header from name-value pairs without validating the fields. A...

3.2CVSS5.9AI score0.00022EPSS
Exploits0References9
CNNVD
CNNVDadded 2026/05/11 12:0 a.m.7 views

Cowlib 注入漏洞

Cowlib is a web protocol message parsing and building library developed by Nine Nines. Version 2.9.0 of cowlib contains an injection vulnerability. This vulnerability stems from the cowcookie:cookie/1 function in cowlib, which constructs client Cookie request headers based on a list of name-value...

3.2CVSS5.8AI score0.00022EPSS
Exploits0References1
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.3 views

Astra Linux - уязвимость в jetty9

Jetty is a Java-based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or perform unintended behaviors by tampering with the cookie parsing mechanism. If Jetty encounters a cookie value that starts with a double quot...

5.3CVSS6.6AI score0.00371EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2023-1360

Malicious code in bioql PyPI...

5.3CVSS6.2AI score0.00371EPSS
Exploits0References12
RedHat Linux
RedHat Linuxadded 2025/06/10 10:39 a.m.2 views

io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...

7.4CVSS5.8AI score0.00572EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2025/02/05 3:2 p.m.13 views

(RHSA-2025:1082) Moderate: Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 update is now available (RHBQ 3.15.3.GA)

An update for Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 update is now available RHBQ 3.15.3.GA. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:...

7.4CVSS7.6AI score0.00572EPSS
Exploits0
RedHat Linux
RedHat Linuxadded 2025/02/05 12:21 p.m.3 views

io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...

7.4CVSS5.8AI score0.00572EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2025/02/05 12:21 p.m.16 views

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 3.15.3 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

7.4CVSS6.6AI score0.00572EPSS
Exploits1References33
Github Security Blog
Github Security Blogadded 2024/12/12 9:31 a.m.21 views

io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...

7.4CVSS6.7AI score0.00572EPSS
Exploits0References10Affected Software1
Vulnrichment
Vulnrichmentadded 2024/12/12 9:5 a.m.15 views

CVE-2024-12397 Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...

7.4CVSS6.8AI score0.00572EPSS
Exploits0References5
Cvelist
Cvelistadded 2024/12/12 9:5 a.m.44 views

CVE-2024-12397 Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...

7.4CVSS0.00572EPSS
Exploits0References5
Rows per page
Query Builder