Lucene search
K

31 matches found

Cvelist
Cvelist
added 2026/06/19 8:23 p.m.21 views

CVE-2026-48794 Authelia has an Edge Case Access Control Rule Mismatch

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may b...

2.3CVSS0.00283EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/16 11:53 a.m.24 views

CVE-2026-53899 Cross-origin cookies could be leaked when opening a PDF link

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...

0.00096EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 11:53 a.m.15 views

CVE-2026-53899

CVE-2026-53899 affects Firefox for iOS. The issue arises from partial domain matching when attaching cookies to PDF requests, enabling a malicious site on a suffix domain to receive cookies belonging to the target site. The root cause is tied to how cookies were matched during PDF handling, leadi...

6.5CVSS5.3AI score0.00096EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/16 11:53 a.m.7 views

EUVD-2026-37077

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...

6.5CVSS5.2AI score0.00096EPSS
Exploits0References2
Mozilla
Mozilla
added 2026/06/16 12:0 a.m.25 views

Security Vulnerabilities fixed in Firefox for iOS 152.0 — Mozilla

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in...

6.5CVSS5.3AI score0.001EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-49700

Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 152.0 Description Firefox for iOS used partial domain matching when attaching cookies to PDF requests. This behavior allows a malicious site hosted on a suffix domain to receive cookies belonging to the target...

6.5CVSS5.8AI score0.00096EPSS
Exploits0References8
NVD
NVD
added 2026/06/12 4:16 p.m.13 views

CVE-2026-50090

The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...

9.3CVSS0.00253EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 3:2 p.m.28 views

CVE-2026-50090 Aqara OAuth redirect_uri validation bypass

The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...

9.3CVSS0.00253EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 3:2 p.m.8 views

CVE-2026-50090 Aqara OAuth redirect_uri validation bypass

The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...

9.3CVSS5.3AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 3:2 p.m.8 views

EUVD-2026-36480

The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...

9.3CVSS5.2AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 3:2 p.m.19 views

CVE-2026-50090

Technical details about CVE-2026-50090 are not publicly available in the provided documents. Monitor for updates from official advisories to learn affected components, impact, and fixes.

9.3CVSS5.3AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48914

Name of the Vulnerable Software and Affected Versions Aqara Cloud affected versions not specified Description The OAuth Authorization Endpoint "open-cn.aqara.com/oauth/authorize" is subject to a redirect bypass caused by improper validation of unsafe equivalence in input. This flaw allows for...

9.3CVSS5.2AI score0.00253EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.1 views

EUVD-2013-1936

Malware in sbrugna...

5CVSS8.5AI score0.04986EPSS
Exploits1References29
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-0944

Malware in sbrugna...

6.1CVSS6.1AI score0.01353EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-49588

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.0108EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 5:2 a.m.6 views

CVE-2023-27974

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default...

7.5CVSS6.9AI score0.00995EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/04/30 1:33 p.m.3 views

golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect...

4.3CVSS7.2AI score0.0108EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2024/03/05 10:22 p.m.30 views

CVE-2023-45289

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...

4.3CVSS6.9AI score0.0108EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/03/08 12:0 a.m.14 views

CVE-2023-27974

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default...

6.9AI score0.00995EPSS
Exploits1References3
OSV
OSV
added 2022/07/07 1:15 p.m.3 views

ALPINE-CVE-2022-32205

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...

4.3CVSS6.7AI score0.26915EPSS
Exploits1References1
Rows per page
Query Builder