CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 11 hours ago•4 views

Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure

Export WP Page to Static HTML & PDF WordPress plugin = 4.3.4 contains a sensitive information exposure caused by publicly exposed cookies.txt files with authentication cookies, letting unauthenticated attackers access sensitive authentication data, exploit requires site administrator to trigger...

9.8CVSS5.7AI score0.05097EPSS

Exploits0References2

Nuclei•added 11 hours ago•30 views

Proxmox - CRLF Injection

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...

7.1CVSS7.1AI score0.35702EPSS

Exploits1References3

SUSE CVE•added 13 hours ago•2 views

SUSE CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

RedhatCVE•added 15 hours ago•4 views

Exploits0References3

CVE-2026-47265

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. This vulnerability allows a remote attacker to potentially gain access to sensitive information. When a developer uses the cookies parameter on a per-request basis, cookies are sent after following a...

8.7CVSS5.7AI score0.00019EPSS

Exploits0References5

OSV•added yesterday•1 views

GHSA-HG6J-4RV6-33PG AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

Summary Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. Impact If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Workaround If unable to...

EUVD•added yesterday•5 views

Exploits0References4

EUVD-2026-34007

AIOHTTP is vulnerable to cross-origin redirect with per-request cookies...

Github Security Blog•added yesterday•4 views

Exploits0References3

AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

Exploits0References4Affected Software1

Vulnrichment•added yesterday•3 views

CVE-2026-6873 Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

3.1CVSS5.8AI score

Exploits0References3

OSSF Malicious Packages•added yesterday•4 views

Malicious code in spadata (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 861acdca6a344c5a3eae65cb3655f211343f79870978f8bfc62654855efa89f3 The package exfiltrates Roblox cookies from the victim machine. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaig...

OSV•added yesterday•1 views

MAL-2026-5173 Malicious code in spadata (PyPI)

RedHat Linux•added yesterday•6 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.8AI score0.00014EPSS

Exploits1References5

Malwarebytes•added yesterday•6 views

Infostealers are becoming the go-to phishing payload

Phishing has changed. Slowly but surely, cybercriminals are turning to infostealers instead. Traditional phishing hasn't gone away. Far from it. But many attackers are no longer focused solely on tricking victims into entering usernames and passwords on fake login pages. Instead, they are using...

5.9AI score

Exploits0

RedHat Linux•added yesterday•6 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

8.2CVSS5.8AI score0.00014EPSS

Exploits1References5

Nuclei•added yesterday•13 views

Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...

7.5CVSS7.2AI score0.40562EPSS

Exploits1References2

Positive Technologies•added yesterday•4 views

PT-2026-46097

Tenable Nessus•added yesterday•1 views

Exploits0References5

RockyLinux 10 : python3.12 (RLSA-2026:19064)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19064 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

9.1CVSS6.2AI score0.00205EPSS

Exploits1References25

OSSF Malicious Packages•added 2 days ago•6 views

Malicious code in spaysdata (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 55bfbc1a93fe9a662ed20b5fb651390a850c8f43e4d68d81677b4ffd0ca17bcf The package exfiltrates Roblox cookies from the victim machine. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaig...

OSV•added 2 days ago•3 views

MAL-2026-5171 Malicious code in spaysdata (PyPI)