Lucene search
K

30463 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-55688

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS5.8AI score0.00179EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40433

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses a weak hardcoded default secret 'flowise' for the express-session middleware when the EXPRESSSESSIONSECRET environment variable is not set packages/server/src/enterprise/middleware/passport/index.ts. Because this default secret is...

9.3CVSS5.8AI score0.00379EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40459

Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...

9.3CVSS5.9AI score0.00406EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 6 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-58015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter...

7.5CVSS6AI score0.00418EPSS
Exploits1References4
NVD
NVD
added last week6 views

CVE-2026-55721

Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...

9.3CVSS0.00406EPSS
Exploits0References3
CVE
CVE
added last week15 views

CVE-2026-55721

The CVE-2026-55721 entry describes a SQL injection vulnerability in StoneFly Storage Concentrator (SC & SCVM). The issue arises when cookie values are processed by login.pl and debug.pl, with the cookie data directly embedded into database queries without proper sanitization. This allows an unaut...

9.3CVSS5.9AI score0.00406EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 9:34 p.m.5 views

USN-8487-1 curl vulnerabilities

Andrew Nesbitt discovered that curl could reuse an existing live connection during STARTTLS-based connection upgrades even when the TLS configuration did not match. A remote attacker could possibly use this issue to cause curl to use an unintended TLS configuration. CVE-2026-8286 Muhamad Arga...

9.8CVSS6.1AI score0.0025EPSS
Exploits5References11
NVD
NVD
added 2026/06/30 2:16 p.m.10 views

CVE-2026-35095

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...

4.8CVSS0.00145EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 1:37 p.m.6 views

EUVD-2026-40322

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...

4.8CVSS5.7AI score0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 1:37 p.m.33 views

CVE-2026-35095 Session fixation in KTM System e-BOK

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...

4.8CVSS0.00145EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:37 p.m.5 views

CVE-2026-35095

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...

4.8CVSS5.7AI score0.00145EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 1:19 p.m.11 views

CVE-2026-58015

A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

7.5CVSS0.00418EPSS
Exploits1References3
OSV
OSV
added 2026/06/30 1:19 p.m.3 views

UBUNTU-CVE-2026-58015

A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

7.5CVSS5.9AI score0.00418EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/30 1:2 p.m.6 views

EUVD-2026-40318

A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

5.9CVSS5.9AI score0.00418EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/30 1:2 p.m.36 views

CVE-2026-58015 Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive

A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

5.9CVSS0.00418EPSS
Exploits1References3
CVE
CVE
added 2026/06/30 1:2 p.m.14 views

CVE-2026-58015

CVE-2026-58015 affects GLib’s D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL mechanism. The cookie_context parameter received from the server is not validated, allowing a malicious D-Bus server to supply a cookie_context with path traversal sequences. This can enable reading an arb...

7.5CVSS5.9AI score0.00418EPSS
Exploits1References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:2 p.m.5 views

CVE-2026-58015

A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

5.9CVSS5.9AI score0.00418EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2026/06/30 1:2 p.m.4 views

CVE-2026-58015

A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

7.5CVSS5.9AI score0.00418EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/30 8:54 a.m.6 views

EUVD-2026-40271

Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...

5.1CVSS5.9AI score0.00366EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-53874

Name of the Vulnerable Software and Affected Versions GLib affected versions not specified Description A flaw exists in the D-Bus client-side implementation of the DBUS COOKIE SHA1 SASL authentication mechanism. The system fails to validate the cookie context parameter received from the server. A...

7.5CVSS6.1AI score0.00418EPSS
Exploits1References8
Rows per page
Query Builder