Lucene search
K

198 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP- address or bare-numeric Domain values to the exact ho...

6.1CVSS6.1AI score0.00115EPSS
Exploits0References3
Snyk
Snyk
added last week4 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the CookieJar process. An attacker can access or manipulate cookies belonging to other hosts by exploiting improper domain matching for IP-address or bare-numeric domains. Remediation Upgrade guzzlehttp/guzzl...

6.1CVSS6.1AI score0.00115EPSS
Exploits0References2
NVD
NVD
added last week8 views

CVE-2026-59883

Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain applied ordinary suffix matching to domains such as 192.168.0.1, ::1, or 1, allowing...

6.1CVSS0.00115EPSS
Exploits0References4
Debian CVE
Debian CVE
added last week5 views

CVE-2026-59883

Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain applied ordinary suffix matching to domains such as 192.168.0.1, ::1, or 1, allowing...

6.1CVSS6AI score0.00115EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/25 8:16 a.m.8 views

CVE-2026-54279

A flaw was found in aiohttp before 3.14.1. Host-only cookies saved with CookieJar.save and later restored with CookieJar.load lose their host-only flag, so cookies intended for a single host may be sent to subdomains after persistence...

7.5CVSS5.7AI score0.00279EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 4:32 p.m.5 views

CVE-2026-54279 AIOHTTP: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...

5.3CVSS6AI score0.00279EPSS
Exploits0References4
CVE
CVE
added 2026/06/22 4:32 p.m.54 views

CVE-2026-54279

CVE-2026-54279 affects the aiohttp library (Python asyncio framework). Prior to version 3.14.1, host-only cookies saved with CookieJar.save() and later restored with CookieJar.load() may lose their host-only status, effectively becoming domain cookies. The issue is fixed in aiohttp 3.14.1. Affect...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:8 p.m.9 views

aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

Summary Host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. Impact Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disallowed. ----- Patch:...

7.5CVSS5.3AI score0.00279EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 8:8 p.m.11 views

GHSA-2FQR-MR3J-6WP8 aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

Summary Host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. Impact Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disallowed. ----- Patch:...

5.3CVSS5.4AI score0.00279EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:8 p.m.14 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in the CookieJar.save and CookieJar.load functions. An attacker can cause cookies intended for a specific host to be sent to subdomains by persisting and restoring cookie...

7.5CVSS5.3AI score0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49593

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description Host-only cookies saved using the CookieJar.save function and subsequently restored via the CookieJar.load function lose their host-only status. This can result in cookies loaded from disk being sen...

5.3CVSS5.8AI score0.00279EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.23 views

aioHTTP < 3.14.0 Multiple Vulnerabilities

The version of aioHTTP installed on the remote host is prior to 3.14.0. It is, therefore, affected by multiple vulnerabilities: - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 2:37 a.m.8 views

CVE-2026-34993

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. An attacker could exploit this vulnerability by providing untrusted input to the CookieJar.load function. This could potentially lead to arbitrary code execution, allowing the attacker to run malicio...

7.3CVSS7.1AI score0.00128EPSS
Exploits0References5
OSV
OSV
added 2026/06/03 8:56 p.m.6 views

GHSA-JG22-MG44-37J8 AIOHTTP is Vulnerable to Deserialization of Untrusted Data

Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...

6.4CVSS6.1AI score0.00128EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/03 8:56 p.m.15 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CookieJar.load function. A user who convinces another user to load a malicious serialized object can cause the execution of arbitrary code. Details Serialization is a process of converting an...

7.3CVSS5.8AI score0.00128EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-34993

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow...

7.3CVSS7.5AI score0.00128EPSS
Exploits0References3
OSV
OSV
added 2026/06/02 8:16 p.m.6 views

DEBIAN-CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

7.3CVSS6.1AI score0.00128EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 8:16 p.m.20 views

CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

7.3CVSS0.00128EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:29 p.m.8 views

CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

6.4CVSS6.1AI score0.00128EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/02 6:29 p.m.2 views

CVE-2026-34993 AIOHTTP Vulnerable to Deserialization of Untrusted Data

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

6.4CVSS7.4AI score0.00128EPSS
Exploits0References10
Rows per page
Query Builder