Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Cvelist
Cvelistadded last week21 views

CVE-2026-47675 Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, \r, \n, but does not apply the same validation to sameSite an...

4.3CVSS0.00125EPSS
Exploits0References1
CVE
CVEadded last week10 views

CVE-2026-47675

Summary: Hono prior to 4.12.21 has a vulnerability in the serialize() function of hono/cookie where domain and path options are validated to prevent Set-Cookie header corruption, but sameSite and priority are not validated. This can allow user-controlled input to inject attacker-chosen attributes...

5.3CVSS5.8AI score0.00125EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blogadded 2026/03/11 10:17 p.m.4 views

Tornado has incomplete validation of cookie attributes

Values passed to the domain, path, and samesite arguments of RequestHandler.setcookie were not completely validated in versions of Tornado prior to 6.5.5. In particular, semicolons would be allowed, which could be used to inject attacker-controlled values for other cookie attributes...

5.8AI score
Exploits0References4Affected Software1
Rows per page
Query Builder