39 matches found

NVD
added 5 days ago, 6 views

CVE-2026-46386

OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KEY_BASE=OVERWRITEME as the default Rails master key. Combined with cookies_serializer = :marshal, this gives any logged-in user a deterministic...

CVSS 9.9, EPSS 0.00272
Exploits: 0, References: 1

EUVD
added 2026/05/29 5:46 p.m., 9 views

EUVD-2026-33402

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data user handle,...

CVSS 7.5, AI score 5.8, EPSS 0.00394
Exploits: 1, References: 1

Positive Technologies
added 2026/05/08 12:00 a.m., 10 views

PT-2026-39153

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSION_SAVE_EVERY_REQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django...

CVSS 6.5, AI score 5.8, EPSS 0.00544
Exploits: 0, References: 5

Amazon
added 2026/04/30 12:00 a.m., 10 views

Important: python3.9

Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output...

CVSS 9.1, AI score 4.7, EPSS 0.00579
Exploits: 0

Amazon
added 2026/04/01 12:00 a.m., 9 views

Medium: python3

Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output...

CVSS 6, AI score 5.9, EPSS 0.00621
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2013-5545

Malware in sbrugna...

CVSS 6.8, AI score 6.4, EPSS 0.00698
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-17250

Malware in sbrugna...

CVSS 7.4, AI score 7.5, EPSS 0.00648
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2008-7249

Malware in sbrugna...

CVSS 5.8, AI score 6.2, EPSS 0.01005
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2014-8259

Malware in sbrugna...

CVSS 8.1, AI score 8, EPSS 0.01626
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-16812

Malware in sbrugna...

CVSS 5.3, AI score 7.4, EPSS 0.01471
Exploits: 0, References: 8

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-7140

Malware in sbrugna...

CVSS 5, AI score 7.6, EPSS 0.0239
Exploits: 0, References: 19

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2016-3028

Malware in sbrugna...

CVSS 5.3, AI score 7.4, EPSS 0.01765
Exploits: 0, References: 11

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-16243

Malware in sbrugna...

CVSS 4.3, AI score 4.2, EPSS 0.00511
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2003-1220

Malware in sbrugna...

CVSS 6.4, AI score 7.5, EPSS 0.01351
Exploits: 0, References: 6

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-16726

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.6, EPSS 0.00477
Exploits: 0, References: 1

OSV
added 2025/08/11 1:52 p.m., 4 views

BIT-LIBPYTHON-2024-7592 Quadratic complexity parsing cookies with backslashes

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

CVSS 7.5, AI score 7.2, EPSS 0.02303
Exploits: 1, References: 13

CVE
added 2025/07/03 11:26 a.m., 20 views

CVE-2025-27450

The CVE concerns Endress+Hauser MEAC300-FNADE4 where the Secure attribute is missing on cookies (e.g., PHPSESSID). This allows an attacker to lure a user into establishing an unencrypted HTTP connection and intercept session cookies, enabling session hijacking. Connected sources corroborate the i...

CVSS 6.5, AI score 6.5, EPSS 0.00247
Exploits: 0, References: 6, Affected Software: 1

RedhatCVE
added 2025/05/22 8:37 a.m., 6 views

CVE-2019-19737

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks...

CVSS 8.8, AI score 6.9, EPSS 0.00452
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 5:43 a.m., 7 views

CVE-2013-3637

ProjectPier 0.8.8 does not use the Secure flag for cookies...

CVSS 5.4, AI score 7.2, EPSS 0.0059
Exploits: 2, References: 1

RedhatCVE
added 2025/05/17 9:59 p.m., 16 views

CVE-2025-47275

Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in...

CVSS 9.1, AI score 7, EPSS 0.00467
Exploits: 0, References: 1