Lucene search
K

88 matches found

AlpineLinux
AlpineLinux
added 2026/06/02 6:32 p.m.11 views

CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.3AI score0.0015EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/02 6:32 p.m.16 views

CVE-2026-47265 AIOHTTP vulnerable to cross-origin redirect with per-request cookies

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:32 p.m.9 views

CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/02 6:32 p.m.90 views

CVE-2026-47265

AIOHTTP prior to 3.14.0 is vulnerable: cookies provided via the cookies parameter on per-request calls are sent after following a cross-origin redirect, which may leak sensitive data if an attacker can control the redirect. Version 3.14.0 patches the issue. As a workaround, using a Cookie header ...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-45836

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.0 Description Cookies set using the cookies parameter on requests are sent after following a cross-origin redirect. This behavior can lead to the leakage of sensitive data to an attacker if they can control the...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References42
SUSE CVE
SUSE CVE
added 2026/05/28 3:54 a.m.10 views

SUSE CVE-2026-46028

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References9
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.14 views

Strengthening Polymorphic Prompt Assembling: Dynamic Separator Generation against Emerging Prompt Injection Attacks

Polymorphic Prompt Assembling PPA defends LLM agents against prompt injections by randomly selecting separator pairs from a fixed pool to isolate user input from system instructions. Although effective, static pool reuse exposes a blast-radius vulnerability: once a separator leaks, it can be...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/27 2:17 p.m.15 views

CVE-2026-46028

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...

5.5CVSS0.00123EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/27 12:56 p.m.13 views

EUVD-2026-32409

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...

5.9AI score0.00123EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/27 12:56 p.m.41 views

CVE-2026-46028 crypto: algif_aead - snapshot IV for async AEAD requests

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...

0.00123EPSS
Exploits0References8
OSV
OSV
added 2026/05/27 12:56 p.m.2 views

CVE-2026-46028 crypto: algif_aead - snapshot IV for async AEAD requests

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...

5.5CVSS6AI score0.00123EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-46028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently us...

5.5CVSS6AI score0.00123EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43895

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the algif aead component where AF ALG AEAD AIO requests utilize a socket-wide IV Initialization Vector buffer during processing. For asynchronous requests, subsequent...

5.5CVSS5.9AI score0.00123EPSS
Exploits0
OSV
OSV
added 2026/05/27 12:0 a.m.7 views

UBUNTU-CVE-2026-46028

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.17 views

PT-2026-41685

Name of the Vulnerable Software and Affected Versions Faraday versions 2.0.0 through 2.14.1 Description Faraday is an HTTP client library abstraction layer. A flaw exists where protocol-relative host override is possible when the request target is passed as a URI object instead of a String to the...

5.8AI score0.00272EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/05/14 3:34 p.m.11 views

CVE-2026-42597 Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

5.9CVSS5.8AI score0.00251EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 3:34 p.m.3 views

CVE-2026-42597 Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

5.9CVSS5.9AI score0.00251EPSS
Exploits1References3
CVE
CVE
added 2026/05/08 7:12 p.m.25 views

CVE-2026-44694

CVE-2026-44694 affects n8n-MCP before 2.50.2. An authenticated SSRF vulnerability exists in the webhook trigger tools, the n8n API client (N8N_API_URL), and per-request URLs via the x-n8n-url header in multi-tenant HTTP mode. Exploitation allows a valid MCP session to cause the host to send HTTP ...

9.1CVSS5.8AI score0.00235EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/08 7:12 p.m.3 views

CVE-2026-44694 n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API client paths

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client N8NAPIURL, a...

7.2CVSS5.9AI score0.00235EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.19 views

PT-2026-39189

Name of the Vulnerable Software and Affected Versions n8n-MCP versions 2.18.7 through 2.50.1 Description An authenticated server-side request forgery SSRF issue exists affecting the webhook trigger tools, the n8n API client N8N API URL, and per-request URLs provided via the x-n8n-url header in...

9.1CVSS5.8AI score0.00235EPSS
Exploits0References11
Rows per page
Query Builder