Lucene search
K

59 matches found

RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-55688

A flaw was found in the AsyncHttpClient AHC library. The ThreadSafeCookieStore component did not properly verify the domain attribute of cookies, allowing a malicious host to set a cookie for an unrelated domain. This cookie would then be sent by the client in subsequent requests to the targeted...

4CVSS5.8AI score0.00179EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 8:17 p.m.4 views

UBUNTU-CVE-2026-55688

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS5.8AI score0.00179EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:40 p.m.10 views

CVE-2026-55688

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS5.8AI score0.00179EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/01 7:40 p.m.38 views

CVE-2026-55688 AsyncHttpClient: Cookie stored for an unrelated domain (cookie tossing) via ThreadSafeCookieStore

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS0.00179EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/01 7:40 p.m.5 views

CVE-2026-55688

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS5.8AI score0.00179EPSS
Exploits0
CVE
CVE
added 2026/07/01 7:40 p.m.22 views

CVE-2026-55688

Affected software: AsyncHttpClient (AHC) library for Java. Vulnerable versions: 2.0.0 up to (but not including) 2.16.0, and 3.0.0.Beta1 up to (but not including) 3.0.11. Root cause: ThreadSafeCookieStore may store a cookie using the.Domain value without validating that the responding host is allo...

4CVSS5.8AI score0.00179EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 3:16 p.m.14 views

CVE-2026-43972

Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...

6.3CVSS0.00215EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 2:12 p.m.10 views

EEF-CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

Summary Origin Validation Error vulnerability in ninenines gun gun\http2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSH\PROMISE authority. In gun\http2:push\promise\frame/7, the :authority pseudo-header from an incoming PUSH\PROMISE frame is stored verbatim into the...

6.3CVSS6.2AI score0.00215EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/15 5:33 p.m.10 views

Cross-site Request Forgery (CSRF)

Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF when building an errorURL in parseGenericState, when the storeStateStrategy is set to "cookie" and PKCE is disabled. An...

5.9CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/07 2:13 a.m.14 views

katalyst-koi: Session cookies can be replayed after user logout

Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/01 5:40 p.m.3 views

CVE-2026-5087

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

7.5CVSS5.9AI score0.00316EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/31 6:31 p.m.3 views

EUVD-2026-17531

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

5.9AI score0.00316EPSS
Exploits0References3
NVD
NVD
added 2026/03/31 4:16 p.m.5 views

CVE-2026-5087

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

7.5CVSS0.00316EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 4:3 p.m.29 views

CVE-2026-5087 PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

0.00316EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

PAGI::Middleware::Session::Store::Cookie 安全漏洞

PAGI::Middleware::Session::Store::Cookie is a middleware component developed by JJNAPIORK, designed to store session data using cookies. Versions of PAGI::Middleware::Session::Store::Cookie 0.001003 and earlier contain security vulnerabilities. These vulnerabilities stem from the insecure...

7.5CVSS5.8AI score0.00316EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-0227

Malware in sbrugna...

5CVSS6AI score0.02232EPSS
Exploits1References16
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-1831

Malicious code in bioql PyPI...

6.5CVSS5.7AI score0.0077EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-53990

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request...

9.2CVSS7.1AI score0.00587EPSS
Exploits0References3
OSV
OSV
added 2025/06/23 3:15 p.m.5 views

AZL-64296 CVE-2025-52968 affecting package xdg-utils 1.2.1-3

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...

2.7CVSS6AI score0.00183EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/06/23 12:0 a.m.8 views

CVE-2025-52968

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...

2.7CVSS7.3AI score0.00183EPSS
Exploits0References2
Rows per page
Query Builder