Lucene search
K

14 matches found

OSV
OSV
added 2026/07/02 12:0 a.m.4 views

UBUNTU-CVE-2026-55688

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS5.8AI score0.00179EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/23 3:5 p.m.8 views

CVE-2026-55767

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants. SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the empty string; SetCookie::valida...

5.8CVSS5.9AI score0.00111EPSS
Exploits0
Friends Of PHP
Friends Of PHP
added 2026/06/18 2:12 p.m.8 views

Dot-only cookie domains match all hosts

Impact CookieJar incorrectly accepts cookies with a dot-only Domain attribute, such as Domain=., Domain=.., Domain=..., and whitespace-padded variants such as Domain= . . In affected versions, SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the...

5.8CVSS5.9AI score0.00111EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/10 10:16 p.m.6 views

DEBIAN-CVE-2026-46625

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

7.5CVSS5.2AI score0.00432EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 6:24 p.m.22 views

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

7.2CVSS5.7AI score0.00237EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.15 views

Python Library Tornado < 6.5.5 Multiple Vulnerabilities

The version of the Tornado Python library installed on the remote host is prior to 6.5.5. It is, therefore, affected by multiple vulnerabilities: - Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts i...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References4
CVE
CVE
added 2026/04/03 2:25 a.m.36 views

CVE-2026-35536

Tornado

7.2CVSS5.9AI score0.00237EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/11 10:17 p.m.4 views

GHSA-78CV-MQJ4-43F7 Tornado has incomplete validation of cookie attributes

Values passed to the domain, path, and samesite arguments of RequestHandler.setcookie were not completely validated in versions of Tornado prior to 6.5.5. In particular, semicolons would be allowed, which could be used to inject attacker-controlled values for other cookie attributes...

5.4CVSS5.9AI score0.00237EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/04/30 4:9 p.m.6 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

4CVSS5.8AI score0.0124EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/11 8:36 p.m.6 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

4CVSS5.8AI score0.0124EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/11 8:18 p.m.4 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

4CVSS5.8AI score0.0124EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/11 8:16 p.m.7 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

4CVSS5.8AI score0.0124EPSS
Exploits0References4
Prion
Prion
added 2007/07/03 10:30 a.m.24 views

Cross site scripting

Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, ...

8.5CVSS6.1AI score0.01502EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2007/06/28 6:30 p.m.20 views

Cross site scripting

Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute...

7.8CVSS6.1AI score0.01502EPSS
Exploits0References3
Rows per page
Query Builder