39 matches found
CVE-2026-46386
OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KEY_BASE=OVERWRITEME as the default Rails master key. Combined with cookies_serializer = :marshal, this gives any logged-in user a deterministic...
EUVD-2026-33402
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data user handle,...
PT-2026-39153
An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified but SESSION_SAVE_EVERY_REQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django...
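The Django entry above describes a shared cache replaying a response that carries another user's session cookie because the response did not vary on Cookie. The following is an added example, not code from Django or from the advisory: a minimal Python model of a shared cache keyed on URL plus the response's Vary headers, with a constructed origin that re-sends the caller's session cookie on every response (what saving the session on every request does) but adds Vary: Cookie only when told to, plus the detection check a practitioner would run over response headers. SharedCache, make_origin, session_leak and missing_vary_cookie are illustrative names; many real caches refuse to store responses carrying Set-Cookie, so this models the worst case the entry describes rather than any particular cache product.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Header names are lower-cased throughout; values are kept verbatim.
Headers = Dict[str, str]
Origin = Callable[[str, Headers], Tuple[Headers, str]]


def parse_cookie_header(cookie: str) -> Dict[str, str]:
    """Split a Cookie request header ("a=1; b=2") into a name -> value dict."""
    pairs: Dict[str, str] = {}
    for part in cookie.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs[name.strip()] = value.strip()
    return pairs


def extract_cookie_value(set_cookie: str, name: str) -> Optional[str]:
    """Return the value of cookie `name` from one Set-Cookie header, else None."""
    cookie_name, _, value = set_cookie.split(";", 1)[0].partition("=")
    return value.strip() if cookie_name.strip() == name else None


def missing_vary_cookie(response_headers: Headers) -> bool:
    """Detection check: a response that sets a cookie but does not vary on Cookie
    can be stored by a shared cache and replayed, cookie included, to other users."""
    if "set-cookie" not in response_headers:
        return False
    vary = [v.strip().lower() for v in response_headers.get("vary", "").split(",")]
    return "cookie" not in vary and "*" not in vary


class SharedCache:
    """Hypothetical minimal model of an HTTP shared cache. Each stored entry remembers
    the request-header values named by the response's Vary header; a later request
    hits only if those values match. With no Vary, every request for the URL hits."""

    def __init__(self) -> None:
        self.store: List[Tuple[str, Tuple[Tuple[str, str], ...], Headers, str]] = []

    def fetch(self, url: str, request_headers: Headers, origin: Origin) -> Tuple[Headers, str, bool]:
        for stored_url, varied, resp_headers, body in self.store:
            if stored_url == url and all(request_headers.get(h, "") == v for h, v in varied):
                return resp_headers, body, True
        resp_headers, body = origin(url, request_headers)
        vary = [h.strip().lower() for h in resp_headers.get("vary", "").split(",") if h.strip()]
        varied = tuple(sorted((h, request_headers.get(h, "")) for h in vary))
        self.store.append((url, varied, resp_headers, body))
        return resp_headers, body, False


def make_origin(vary_on_cookie: bool) -> Origin:
    """Constructed origin: re-sends the caller's session cookie on every response,
    issues a fresh id to callers that have none, and emits Vary: Cookie only if asked."""
    issued = {"n": 0}

    def origin(url: str, request_headers: Headers) -> Tuple[Headers, str]:
        sid = parse_cookie_header(request_headers.get("cookie", "")).get("sessionid")
        if sid is None:
            issued["n"] += 1
            sid = f"sess-{issued['n']}"
        headers: Headers = {"set-cookie": f"sessionid={sid}; Path=/; HttpOnly"}
        if vary_on_cookie:
            headers["vary"] = "Cookie"
        return headers, f"public page {url}"

    return origin


def session_leak(vary_on_cookie: bool) -> Tuple[Optional[str], bool]:
    """A victim with a live session loads a public page through the shared cache;
    an attacker with no cookie then requests the same URL. Returns the sessionid
    the attacker's response sets and whether it was served from cache."""
    cache = SharedCache()
    origin = make_origin(vary_on_cookie)
    cache.fetch("/public", {"cookie": "sessionid=victim-session"}, origin)
    headers, _, hit = cache.fetch("/public", {}, origin)
    return extract_cookie_value(headers["set-cookie"], "sessionid"), hit


if __name__ == "__main__":
    print("without Vary: Cookie ->", session_leak(False))  # ('victim-session', True)
    print("with Vary: Cookie    ->", session_leak(True))   # ('sess-1', False)
```

Without Vary: Cookie the cache treats the victim's response as valid for everyone, so the attacker's browser receives Set-Cookie: sessionid=victim-session and is logged in as the victim; with Vary: Cookie the attacker's cookieless request misses and gets a session of its own.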
Important: python3.9
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output...
Medium: python3
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output...
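The two python3.9 and python3 advisories above attribute the incomplete fix to mutation paths (Morsel.update, the |= operator, unpickling) that the original patch did not cover. The following is an added example, not code from CPython or from the advisories, showing the general Python pitfall behind this class of incomplete fix: validating in a dict subclass's __setitem__ does nothing for dict.__init__, update(), |= and setdefault(), which are implemented in C and never call the overridden method. NaiveAttrs, StrictAttrs, accepting_paths and CRLF_PAYLOAD are illustrative names; the unpickling path the advisories name is not modelled here. Requires Python 3.9 or later for dict |=.

```python
import operator
import re
from typing import Callable, List, Tuple

# Any C0 control character or DEL in a cookie attribute value is a header-injection
# risk: CR/LF ends the Set-Cookie line early and the remainder becomes a new header.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
CRLF_PAYLOAD = "/\r\nSet-Cookie: injected=1"   # constructed test input


def has_control_chars(value: str) -> bool:
    return _CONTROL.search(value) is not None


class NaiveAttrs(dict):
    """Attribute dict that validates in __setitem__ only. This is the shape of an
    incomplete fix: dict.__init__, update(), __ior__() and setdefault() run in C and
    do not route through the Python-level __setitem__, so they accept anything."""

    def __setitem__(self, key, value):
        if has_control_chars(str(value)):
            raise ValueError(f"control character in attribute {key!r}")
        super().__setitem__(key, value)


class StrictAttrs(dict):
    """Attribute dict that funnels every mutation path through one validator."""

    def __init__(self, *args, **kwargs):
        super().__init__()
        self.update(*args, **kwargs)

    def __setitem__(self, key, value):
        if has_control_chars(str(value)):
            raise ValueError(f"control character in attribute {key!r}")
        super().__setitem__(key, value)

    def update(self, *args, **kwargs):
        # Normalise mapping and iterable-of-pairs forms via a plain dict, then store
        # through __setitem__ so every value is checked.
        for key, value in dict(*args, **kwargs).items():
            self[key] = value

    def __ior__(self, other):
        self.update(other)
        return self

    def setdefault(self, key, default=None):
        if key not in self:
            self[key] = default
        return super().__getitem__(key)


def _via(mutate: Callable[[dict], object]) -> Callable[[type], dict]:
    """Build an empty instance of the class under test, then apply one mutation."""
    def build(cls: type) -> dict:
        d = cls()
        mutate(d)
        return d
    return build


def accepting_paths(cls: type, payload: str = CRLF_PAYLOAD) -> List[str]:
    """Exercise each mutation path on `cls` and return the names of those that
    let `payload` land in the dict without raising ValueError."""
    paths: List[Tuple[str, Callable[[type], dict]]] = [
        ("__init__", lambda c: c(path=payload)),
        ("__setitem__", _via(lambda d: d.__setitem__("path", payload))),
        ("update", _via(lambda d: d.update({"path": payload}))),
        ("|=", _via(lambda d: operator.ior(d, {"path": payload}))),
        ("setdefault", _via(lambda d: d.setdefault("path", payload))),
    ]
    accepted: List[str] = []
    for name, build in paths:
        try:
            d = build(cls)
        except ValueError:
            continue
        if d.get("path") == payload:
            accepted.append(name)
    return accepted


if __name__ == "__main__":
    print("NaiveAttrs accepts CRLF via:", accepting_paths(NaiveAttrs))
    print("StrictAttrs accepts CRLF via:", accepting_paths(StrictAttrs))
```

The lesson for reviewing a fix of this kind is to enumerate every entry point that writes to the object, including constructor, in-place operators and deserialisation, and to confirm each one reaches the same validator rather than only the obvious setter.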
EUVD-2013-5545
Malware in sbrugna...
EUVD-2018-17250
Malware in sbrugna...
EUVD-2008-7249
Malware in sbrugna...
EUVD-2014-8259
Malware in sbrugna...
EUVD-2017-16812
Malware in sbrugna...
EUVD-2015-7140
Malware in sbrugna...
EUVD-2016-3028
Malware in sbrugna...
EUVD-2021-16243
Malware in sbrugna...
EUVD-2003-1220
Malware in sbrugna...
EUVD-2024-16726
Malicious code in bioql PyPI...
BIT-LIBPYTHON-2024-7592 Quadratic complexity parsing cookies with backslashes
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
CVE-2025-27450
The CVE concerns Endress+Hauser MEAC300-FNADE4 where the Secure attribute is missing on cookies (e.g., PHPSESSID). This allows an attacker to lure a user into establishing an unencrypted HTTP connection and intercept session cookies, enabling session hijacking. Connected sources corroborate the i...
CVE-2019-19737
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks...
CVE-2013-3637
ProjectPier 0.8.8 does not use the Secure flag for cookies...
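The three entries above (CVE-2025-27450 and CVE-2013-3637 for a missing Secure attribute, CVE-2019-19737 for a missing SameSite attribute) are instances of one check on the Set-Cookie header. The following is an added example, not code from any of the affected products or from the advisories: a Python audit of Set-Cookie headers that reports missing Secure, HttpOnly and SameSite attributes and the SameSite=None-without-Secure combination, run over a constructed weak response beside a hardened one. CookieAudit, parse_set_cookie, audit_set_cookie, audit_response and the sample headers are illustrative.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class CookieAudit:
    name: str
    findings: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.findings


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, Optional[str]]]:
    """Split one Set-Cookie header into (name, value, {attribute: value or None}).
    Attribute names are lower-cased because RFC 6265 treats them case-insensitively;
    flag attributes such as Secure and HttpOnly map to None."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Optional[str]] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else None
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header: str) -> CookieAudit:
    """Report the attribute weaknesses named in the entries above for one cookie."""
    name, _, attrs = parse_set_cookie(header)
    audit = CookieAudit(name)
    if "secure" not in attrs:
        audit.findings.append("missing Secure: the browser will also send it over plaintext HTTP")
    if "httponly" not in attrs:
        audit.findings.append("missing HttpOnly: readable from script")
    samesite = attrs.get("samesite")
    if samesite is None:
        audit.findings.append("missing SameSite: sent on cross-site requests (CSRF exposure)")
    elif samesite.lower() == "none" and "secure" not in attrs:
        audit.findings.append("SameSite=None requires Secure; browsers reject the cookie otherwise")
    return audit


def audit_response(set_cookie_headers: List[str]) -> Dict[str, List[str]]:
    """Audit every Set-Cookie header of a response and return {cookie name: findings}
    for the cookies that failed."""
    results: Dict[str, List[str]] = {}
    for header in set_cookie_headers:
        audit = audit_set_cookie(header)
        if not audit.ok:
            results[audit.name] = audit.findings
    return results


# Constructed sample: a response in the shape of the entries above beside a hardened one.
WEAK_RESPONSE = [
    "PHPSESSID=7f3a9c; Path=/",                                # no Secure, HttpOnly or SameSite
    "remember=1; Path=/; Secure; HttpOnly; SameSite=Strict",
]
HARDENED_RESPONSE = [
    "PHPSESSID=7f3a9c; Path=/; Secure; HttpOnly; SameSite=Lax",
    "remember=1; Path=/; Secure; HttpOnly; SameSite=Strict",
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(response))
```

Run it against captured Set-Cookie headers from a real target; a session cookie that appears in the result with the "missing Secure" finding is the condition the Endress+Hauser and ProjectPier entries describe, and "missing SameSite" is the YetiShare one.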
CVE-2025-47275
Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in...