
18 matches found

CVE
added 2026/04/08 2:44 p.m. · 4 views

CVE-2026-39410

Hono CVE-2026-39410 involves a cookie handling flaw in getCookie() where a mismatch between browser cookie parsing and JavaScript parse() trim() causes cookies with a non-breaking-space prefix (U+00A0) to shadow or override legitimate cookies. This can bypass __Secure- and __Host- prefix protecti...

4.8 CVSS · 5.9 AI score · 0.0003 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2026/04/08 12:17 a.m. · 0 views

GHSA-R5RP-J6WH-RVV4 Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()

Summary: A discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to the same key by parse, allowing attacker-controlled cookies to override legitimate ones. Details...

4.8 CVSS · 5.8 AI score · 0.0003 EPSS
Exploits 0 · References 5
EUVD
added 2026/04/08 12:17 a.m. · 0 views

EUVD-2026-20499

Hono: Non-breaking space prefix bypass in cookie name handling in getCookie...

4.8 CVSS · 5.9 AI score · 0.0003 EPSS
Exploits 0 · References 3
Github Security Blog
added 2026/04/08 12:17 a.m. · 3 views

Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()

Summary: A discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to the same key by parse, allowing attacker-controlled cookies to override legitimate ones. Details...

4.8 CVSS · 5.9 AI score · 0.0003 EPSS
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2026/04/08 12:0 a.m. · 3 views

PT-2026-31284

Summary: A discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to the same key by parse, allowing attacker-controlled cookies to override legitimate ones. Details...

4.8 CVSS · 5.9 AI score · 0.0003 EPSS
Exploits 0 · References 5
GithubExploit
added 2025/11/01 8:5 p.m. · 201 views

Exploit for Deserialization of Untrusted Data in Microsoft

WSUS-CVE-2025-59287-RCE CVE-2025-59287 is a critical CVSS...

9.8 CVSS · 10 AI score · 0.72697 EPSS
Exploits 24
GithubExploit
added 2025/10/25 2:30 a.m. · 266 views

Exploit for CVE-2025-59287

In this study, we will examine a critical vulnerability CVE-202...

9.8 CVSS · 8.2 AI score · 0.72697 EPSS
Exploits 24
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-33397

Malicious code in bioql PyPI...

7.5 CVSS · 7.5 AI score · 0.0009 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 3:41 a.m. · 4 views

CVE-2023-29860

Insecure permissions in the /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allow attackers to view sensitive information via the getCookie method...

7.5 CVSS · 6.4 AI score · 0.0009 EPSS
Exploits 1 · References 1
NVD
added 2023/06/23 12:15 p.m. · 7 views

CVE-2023-29860

Insecure permissions in the /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allow attackers to view sensitive information via the getCookie method...

7.5 CVSS · 7.3 AI score · 0.0009 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2023/06/23 12:15 p.m. · 0 views

CVE-2023-29860

Insecure permissions in the /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allow attackers to view sensitive information via the getCookie method...

7.5 CVSS · 7.1 AI score · 0.0009 EPSS
Exploits 1 · References 2
Prion
added 2023/06/23 12:15 p.m. · 7 views

Security feature bypass

Insecure permissions in the /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allow attackers to view sensitive information via the getCookie method...

5 CVSS · 7.3 AI score · 0.0009 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2023/06/23 12:0 a.m. · 12 views

CVE-2023-29860

Insecure permissions in the /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allow attackers to view sensitive information via the getCookie method...

7.5 AI score · 0.0009 EPSS
Exploits 1 · References 1
CNNVD
added 2023/06/23 12:0 a.m. · 2 views

DTStack Taier Security Vulnerability

Taier is a distributed scheduling system open-sourced by Kangaroo Cloud DTStack. It is designed to reduce the cost of ETL, clarify complex dependencies between tasks, and reduce labor costs for committing, scheduling, and operations. DTStack Taier version 1.3.0 has a security vulnerability,...

7.5 CVSS · 7.2 AI score · 0.0009 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/06/23 12:0 a.m. · 1 views

PT-2023-22451 · Dtstack · Dtstack Taier

Name of the Vulnerable Software and Affected Versions: DTStack Taier version 1.3.0 Description: The issue is related to insecure permissions in the "/Taier/API/tenant/listTenant" interface, allowing attackers to view sensitive information via the getCookie method. Recommendations: For DTStack Tai...

7.5 CVSS · 7.2 AI score · 0.0009 EPSS
Exploits 1 · References 4
Source Incite
added 2021/10/21 12:0 a.m. · 152 views

SRC-2021-0029 : Dedecms GetCookie Type Juggling Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Dedecms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetCookie function. The issue results from a loose comparison check wh...

7.1 AI score
Exploits 0
seebug.org
added 2014/11/06 12:0 a.m. · 70 views

PHPEMS: one injection point (successfully tested on the demo)

Brief description: Injection caused by insufficient filtering. Detailed description: See file /app/exam/app.php, lines 272-286: public function lesson $action = $this-ev-url3; $page = $this-ev-get'page'; switch$action case 'ajax': switch$this-ev-url4 case 'questions': $number = $this-ev-get'number'; if!$number$number = 1; $questid = $this-ev-getCookie'questype'; $knowsi...

7.1 AI score
Exploits 0
Packet Storm
added 2009/08/05 12:0 a.m. · 36 views

Arab Portal 2.x SQL Injection

getqc &&!isset$apt-getqp $qc = $apt-getqc; $result = $apt-query"select name,comment from rafiacomment where id='$qc'"; $row = $apt-dbarray$result; $apt-row'quote' = "\n\n\nQUOTE..... :".$row'name'."\n".$row'comment'."/QUOTE"; /code - Debug : code $qc = intval$apt-getqc; /code - Note : Path to...

0.5 AI score
Exploits 0