CVE-2026-43972

Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...

EEF-CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

Summary Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised...

Cross-site Request Forgery (CSRF)

Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF when building an errorURL in parseGenericState, when the storeStateStrategy is set to "cookie" and PKCE is disabled. An...

katalyst-koi: Session cookies can be replayed after user logout

Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...

CVE-2026-5087

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

EUVD-2026-17531

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

CVE-2026-5087

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

CVE-2026-5087 PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

PAGI::Middleware::Session::Store::Cookie 安全漏洞

PAGI::Middleware::Session::Store::Cookie is a middleware component developed by JJNAPIORK, designed to store session data using cookies. Versions of PAGI::Middleware::Session::Store::Cookie 0.001003 and earlier contain security vulnerabilities. These vulnerabilities stem from the insecure...

EUVD-2017-0227

Malware in sbrugna...

EUVD-2022-1831

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-53990

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request...

AZL-64296 CVE-2025-52968 affecting package xdg-utils 1.2.1-3

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...

CVE-2025-52968

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...

Exploit for Prototype Pollution in Salesforce Tough-Cookie

CVE-2023-26136 Fix for tough-cookie 2.5.0 Mission Overview...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication due to the CookieStore configuration. An attacker can gain unauthorized access by brute-forcing the authentication tags of the session cookies. Note: This is only exploitable if the user has configured the sessio...

Auth0-PHP 授权问题漏洞

Auth0-PHP is an Auth0 open source PHP SDK for Auth0 authentication and management APIs. An authorization issue vulnerability exists in Auth0-PHP versions 8.0.0-BETA1 through prior to 8.14.0, which stems from the fact that session cookies in the CookieStore can be brute-force broken, potentially...

[SECURITY] Fedora 42 Update: rust-cookie_store-0.21.1-1.fc42

Implementation of Cookie storage and retrieval...

async-http-client: AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

A flaw was found in the AsyncHttpClient AHC library. When making any HTTP request, the automatically enabled and self-managed CookieStore will silently replace explicitly defined cookies with any that have the same name from the CookieStore. For services that operate with multiple users, this can...

The vulnerability of the RequestBuilder class in the CookieStore interface of the asynchronous HTTP request processing library Async Http Client allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the RequestBuilder class in the CookieStore interface of the asynchronous HTTP request processing library Async Http Client is related to the replacement of cookie files due to incorrect authentication procedures. Exploiting this vulnerability can allow an attacker operating...