Cross-site Request Forgery (CSRF)

Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF when building an errorURL in parseGenericState, when the storeStateStrategy is set to "cookie" and PKCE is disabled. An...

katalyst-koi: Session cookies can be replayed after user logout

Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...

CVE-2026-5087

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

EUVD-2026-17531

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

CVE-2026-5087

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

CVE-2026-5087 PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

PAGI::Middleware::Session::Store::Cookie 安全漏洞

PAGI::Middleware::Session::Store::Cookie is a middleware component developed by JJNAPIORK, designed to store session data using cookies. Versions of PAGI::Middleware::Session::Store::Cookie 0.001003 and earlier contain security vulnerabilities. These vulnerabilities stem from the insecure...

EUVD-2017-0227

Malware in sbrugna...

EUVD-2022-1831

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-53990

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request...

AZL-64296 CVE-2025-52968 affecting package xdg-utils 1.2.1-3

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...

CVE-2025-52968

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...

Exploit for Prototype Pollution in Salesforce Tough-Cookie

CVE-2023-26136 Fix for tough-cookie 2.5.0 Mission Overview...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication due to the CookieStore configuration. An attacker can gain unauthorized access by brute-forcing the authentication tags of the session cookies. Note: This is only exploitable if the user has configured the sessio...

Auth0-PHP 授权问题漏洞

Auth0-PHP is an Auth0 open source PHP SDK for Auth0 authentication and management APIs. An authorization issue vulnerability exists in Auth0-PHP versions 8.0.0-BETA1 through prior to 8.14.0, which stems from the fact that session cookies in the CookieStore can be brute-force broken, potentially...

[SECURITY] Fedora 42 Update: rust-cookie_store-0.21.1-1.fc42

Implementation of Cookie storage and retrieval...

async-http-client: AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

A flaw was found in the AsyncHttpClient AHC library. When making any HTTP request, the automatically enabled and self-managed CookieStore will silently replace explicitly defined cookies with any that have the same name from the CookieStore. For services that operate with multiple users, this can...

GHSA-MFJ5-CF8G-G2FV AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

Summary When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie...

DEBIAN-CVE-2024-53990

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...

Async Http Client 授权问题漏洞

Async Http Client is AsyncHttpClient open source asynchronous Http and WebSocket client library for Java. An authorization issue vulnerability exists in Async Http Client version 3.0.0, which stems from an automatically enabled and self-managed CookieStore handling mechanism that can lead to...