
17 matches found

RedhatCVE
added 2026/06/22 7:3 a.m. | 12 views

CVE-2026-12804

A flaw was found in lemonldap-ng. A remote attacker could exploit this vulnerability by manipulating the 'url' argument within the SAML Common Domain Cookie Endpoint. This manipulation results in an open redirect, potentially leading to users being redirected to arbitrary malicious websites...

5.3 CVSS | 5.8 AI score | 0.00264 EPSS
Exploits: 0 | References: 7
NVD
added 2026/06/21 7:16 p.m. | 13 views

CVE-2026-12804

A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...

5.3 CVSS | 0.00264 EPSS
Exploits: 0 | References: 6
OSV
added 2026/06/21 7:16 p.m. | 2 views

DEBIAN-CVE-2026-12804

A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...

5.3 CVSS | 5.2 AI score | 0.00264 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/21 6:30 p.m. | 4 views

CVE-2026-12804

A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...

5.3 CVSS | 5.3 AI score | 0.00264 EPSS
Exploits: 0 | References: 7
Vulnrichment
added 2026/06/21 6:30 p.m. | 5 views

CVE-2026-12804 lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect

A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...

5.3 CVSS | 5.3 AI score | 0.00264 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/21 12:0 a.m. | 14 views

PT-2026-51252

Name of the Vulnerable Software and Affected Versions: lemonldap-ng versions prior to 2.23.1. Description: An issue exists in the SAML Common Domain Cookie Endpoint within the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm. A remote attacker can perform a manipulation of the url argument...

5.3 CVSS | 5.8 AI score | 0.00264 EPSS
Exploits: 0 | References: 12
Cvelist
added 2026/05/20 9:20 a.m. | 42 views

CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options 'nsid', 'answer-cookie', 'pad-responses' default need to be enabl...

8.7 CVSS | 0.00842 EPSS
Exploits: 0 | References: 1
OSV
added 2025/04/14 11:15 p.m. | 7 views

CVE-2025-31491 AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests...

8.6 CVSS | 6.4 AI score | 0.00388 EPSS
Exploits: 1 | References: 3
RedHat Linux
added 2023/08/07 8:30 a.m. | 6 views

Mozilla: Cookie jar overflow caused unexpected cookie jar state

The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...

7.5 CVSS | 7.1 AI score | 0.00614 EPSS
Exploits: 0 | References: 8
RedHat Linux
added 2023/08/03 1:2 p.m. | 6 views

Mozilla: Cookie jar overflow caused unexpected cookie jar state

The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...

7.5 CVSS | 7.1 AI score | 0.00614 EPSS
Exploits: 0 | References: 8
Microsoft CVE
added 2022/07/19 7:0 a.m. | 5 views

A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this or other servers to which the cookies match create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.

...

4.3 CVSS | 7.2 AI score | 0.26915 EPSS
Exploits: 1
CNVD
added 2016/12/08 12:0 a.m. | 2 views

Firefox SVG Cross-Domain Cookie Injection Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A cross-domain cookie injection vulnerability exists in the Firefox SVG element, which can be exploited by an attacker to inject arbitrary web script or HTML code...

6.8 AI score
Exploits: 0 | References: 1
securityvulns
added 2015/10/05 12:0 a.m. | 206 views

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 OS X El Capitan 10.11 is now available and addresses the following: Address Book Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework Description: An issu...

10 CVSS | 0.2 AI score | 0.94859 EPSS
Exploits: 103
CNVD
added 2015/04/09 12:0 a.m. | 4 views

Apple Mac OS X/iOS CFNetwork HTTPProtocol Cross Domain COOKIE Disclosure Vulnerability

Apple Mac OS X is an operating system developed by Apple Inc. Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A cross-domain COOKIE disclosure vulnerability in the Apple Mac OS X/iOS CFNetwork HTTPProtocol handling redirection allows attackers to explo...

5 CVSS | 6.2 AI score | 0.01764 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2009/10/07 12:0 a.m. | 39 views

SuSE9 Security Update : epiphany (YOU Patch Number 12519)

This update brings the Mozilla SeaMonkey Suite packages to the current stable release 1.1.17. Due to the major version update some incompatibilities might appear. It fixes all currently published security issues, including but not limited to : - Same-origin violations when Adobe Flash loaded via...

9.3 CVSS | 8.9 AI score | 0.09282 EPSS
Exploits: 7 | References: 20
Tenable Nessus
added 2009/09/24 12:0 a.m. | 35 views

SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 1001)

The Mozilla Firefox browser was updated to version 3.0.11, fixing various bugs and security issues : - Crashes with evidence of memory corruption rv:1.9.0.11. MFSA 2009-24 / CVE-2009-1392 / CVE-2009-1832 / CVE-2009-1833 - bmo479413 URL spoofing with invalid unicode characters. MFSA 2009-25 /...

9.3 CVSS | 8.6 AI score | 0.09282 EPSS
Exploits: 9 | References: 32
FreeBSD
added 2009/06/11 12:0 a.m. | 36 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2009-32 JavaScript chrome privilege escalation MFSA 2009-31 XUL scripts bypass content-policy checks MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar MFSA 2009-29 Arbitrary code execution using event listeners attached to an element...

9.3 CVSS | 9.6 AI score | 0.09282 EPSS
Exploits: 9 | References: 10