3 matches found
CVE-2026-47069
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...
CVE-2026-35536
In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...
CVE-2019-19988
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vameditXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the...