Lucene search
+L

716 matches found

Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.17 views

PT-2026-42621

Summary The refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it to cross-site POSTs, enabling CSRF against the token-refresh endpoint...

5.4CVSS5.7AI score
Exploits0References3
CISA KEV Catalog
CISA KEV Catalog
added 2026/05/21 12:0 a.m.7 views

Langflow Origin Validation Error Vulnerability

Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh...

9.4CVSS7.8AI score0.7889EPSS
In wildExploits3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When a ServiceWorker intercepted a request using FetchEvent, the origin of the request was lost after the ServiceWorker took control of it. This caused the SameSite cookie protections to be negated. This issue was addressed in the specifications, and later in various browsers. This vulnerability...

6.5CVSS6.7AI score0.00744EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Requests initiated through the reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

6.1CVSS6.8AI score0.00644EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox

When opening a website using the firefox:// protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox versions 123...

8.3CVSS6.6AI score0.00478EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in python-tornado

In Tornado before version 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments of .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS5.2AI score0.00237EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 6:24 p.m.24 views

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

7.2CVSS5.7AI score0.00237EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/19 1:27 p.m.16 views

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

7.2CVSS5.7AI score0.00237EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-021488)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021488 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for...

7.2CVSS5.8AI score0.00237EPSS
Exploits0References4
OSV
OSV
added 2026/05/11 2:7 p.m.47 views

GHSA-J643-X8PV-8M67 Dozzle's Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpointsbypasses authentication

Summary The WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables Cross-Site WebSocket Hijacking CSWSH — even when authentication is...

9.6CVSS5.9AI score0.00195EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/11 2:7 p.m.12 views

Dozzle's Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpointsbypasses authentication

Summary The WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables Cross-Site WebSocket Hijacking CSWSH — even when authentication is...

9.6CVSS5.9AI score0.00195EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 12:0 a.m.9 views

CVE-2026-38566

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add are vulnerable to CSRF. An attacker who can...

6AI score0.00168EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/11 12:0 a.m.9 views

CVE-2026-38566

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add are vulnerable to CSRF. An attacker who can...

6AI score0.00168EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

HireFlow 安全漏洞

HireFlow is an online interview management platform developed by StratonWebDesigners as a personal developer project. Version 1.2 of HireFlow contains a security vulnerability. This vulnerability stems from the fact that all POST endpoints for state changes do not implement CSRF token verificatio...

8.1CVSS5.9AI score0.00168EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/11 12:0 a.m.39 views

CVE-2026-38566

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add are vulnerable to CSRF. An attacker who can...

0.00168EPSS
Exploits1References3
CVE
CVE
added 2026/05/11 12:0 a.m.15 views

CVE-2026-38566

CVE-2026-38566 affects HireFlow v1.2. The issue is CSRF on all state-changing POST endpoints (e.g., /profile password change, /candidates/delete/, /feedback/add/, /interviews/add) due to missing CSRF token validation and no SESSION_COOKIE_SAMESITE configuration. Root cause: CSRF token validation ...

8.1CVSS6AI score0.00168EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39654

Name of the Vulnerable Software and Affected Versions HireFlow version 1.2 Description The software fails to implement Cross-Site Request Forgery CSRF token validation on state-changing POST endpoints. This allows an attacker to trick an authenticated user into visiting a malicious page to perfor...

8.1CVSS5.9AI score0.00168EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/05/08 11:10 a.m.9 views

CVE-2026-39807

A flaw was found in bandit. An unauthenticated client can exploit this vulnerability by spoofing the transport state on plaintext HTTP connections. By declaring an HTTPS scheme over a non-secure TCP connection, the system incorrectly registers the connection as secure. This can lead to sensitive...

6.3CVSS5.8AI score0.00454EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 8:16 p.m.21 views

CVE-2026-42239

Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every XSS becomes a full...

8.1CVSS0.00283EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/07 6:49 p.m.9 views

EUVD-2026-28429

Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every XSS becomes a full...

8.1CVSS5.8AI score0.00283EPSS
Exploits1References2
Rows per page
Query Builder