CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Debian CVE•added yesterday•6 views

CVE-2026-55767

CVE•added yesterday•10 views

Exploits0

CVE-2026-55767

Summary: Guzzle 7.x before 7.12.1 is vulnerable to cookie domain handling flaws in CookieJar. dot-only Domain attributes (e.g., Domain=., Domain=.., or whitespace-padded variants) are normalized to an empty domain, and the code path that rejects only an empty domain still allows it to match any h...

Cvelist•added yesterday•23 views

CVE-2026-55767 Guzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzle

5.8CVSS

EUVD•added yesterday•5 views

EUVD-2026-38457

OSV•added yesterday•3 views

RHSA-2026:28011 Red Hat Security Advisory: .NET 8.0 security update

Bulletin has no description...

7.5CVSS5.8AI score0.01176EPSS

Exploits0References13

NVD•added 2 days ago•7 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS0.00402EPSS

Cvelist•added 2 days ago•29 views

CVE-2026-12580 Digiwin｜EasyFlow .NET - Stored Cross-Site Scripting

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

5.4CVSS0.00168EPSS

EUVD•added 5 days ago•9 views

EUVD-2026-36539

parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist...

2.1CVSS5.8AI score0.00281EPSS

Exploits0References4

OSV•added 5 days ago•16 views

GHSA-CWXW-98QJ-8QJX guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts

Impact CookieJar incorrectly accepts cookies with a dot-only Domain attribute, such as Domain=., Domain=.., Domain=..., and whitespace-padded variants such as Domain= . . In affected versions, SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the...

Github Security Blog•added 5 days ago•7 views

guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts

Exploits0References2Affected Software1

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hexadecimal numbers or similar elements. However,...

7.8CVSS7AI score0.00286EPSS

AstraLinux•added 5 days ago•7 views

Astra Linux – Vulnerability in Git

Git is a version control system. Before versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories containing submodules could be exploited through a bug in Git. This bug allowed an attacker to manipulate the creation of files—specifically, files that were written into the...

9CVSS7.9AI score0.25334EPSS

Exploits32References2

Friends Of PHP•added 6 days ago•6 views

Dot-only cookie domains match all hosts

Exploits0Affected Software1

NVD•added 2026/06/16 7:17 p.m.•13 views

CVE-2026-53859

OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block throu...

6.5CVSS0.0021EPSS

CVE•added 2026/06/16 6:5 p.m.•12 views

CVE-2026-53859

Technical details (affected components, root cause, specific versions, exploitation) are not publicly available in the provided documents. Monitor for updates.

6.5CVSS5.3AI score0.0021EPSS

Exploits0References2Affected Software1

OSV•added 2026/06/16 12:40 p.m.•3 views

BIT-PARSE-2026-53724 Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1, the default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked e.g. poc.svg...

2.1CVSS5.1AI score0.00281EPSS

Exploits0References4

Positive Technologies•added 2026/06/16 12:0 a.m.•13 views

PT-2026-49776

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.26 Description An issue exists in hostname validation where trailing-dot notation in model or workspace-derived URLs can be used to bypass blocklist comparisons. This occurs because hostname checks treat hosts...

6.5CVSS5.2AI score0.0021EPSS

Exploits0References5

NVD•added 2026/06/15 9:16 p.m.•5 views

CVE-2026-40798

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

9.3CVSS0.00283EPSS