CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

179 matches found

CVE-2026-47675 Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, \r, \n, but does not apply the same validation to sameSite an...

4.3CVSS0.00063EPSS

Exploits0References1

EUVD•added 6 days ago•6 views

EUVD-2026-32925

4.3CVSS5.8AI score0.00063EPSS

Exploits0References1

Tenable Nessus•added 2026/05/09 12:0 a.m.•5 views

Unity Linux 20.1070e Security Update: future (UTSA-2026-017344)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017344 advisory. An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious we...

7.5CVSS5.9AI score0.00427EPSS

Exploits1References4

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в python-future

A vulnerability discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service by using a crafted Set-Cookie header from a malicious web server...

7.5CVSS6.8AI score0.00427EPSS

Exploits1References2

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в flask

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client’s session...

7.5CVSS7AI score0.00221EPSS

Exploits1References2

Hacker One•added 2026/04/01 8:24 a.m.•10 views

curl: Cookie attribute TAB injection regression in Set-Cookie parsing

Overview | | | |---|---| | Component | lib/cookie.c — parsecookieheader | | Type | Security regression incomplete input validation | | CWE | CWE-20 Improper Input Validation | | Severity | LOW CVSS 3.1 estimated 3.7, comparable to CVE-2022-35252 | | Affected | curl 8.18.0 through current HEAD | |...

3.7CVSS6AI score0.00289EPSS

Exploits1

RedhatCVE•added 2026/03/06 1:34 a.m.•1 views

CVE-2026-29086

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie...

5.4CVSS5.8AI score0.0004EPSS

Exploits0References1

OSV•added 2026/03/04 7:49 p.m.•1 views

GHSA-5PQ2-9X2X-5P6W Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie()

Summary The setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if...

5.4CVSS5.7AI score0.0004EPSS

Exploits0References4

Positive Technologies•added 2026/03/04 12:0 a.m.•1 views

PT-2026-23077

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.4 Description The setCookie utility did not properly validate semicolons ;, carriage returns r, or newline characters in the domain and path options when creating the Set-Cookie header. Because cookie attributes are...

5.4CVSS6AI score0.0004EPSS

Exploits0References11

Tenable Nessus•added 2026/01/20 12:0 a.m.•1 views

MiracleLinux 8 : thunderbird-115.8.0-1.el8_9.ML.1 (AXSA:2024-7565:07)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7565:07 advisory. Mozilla: Out-of-bounds memory read in networking channels CVE-2024-1546 Mozilla: Alert dialog could have been spoofed on another site CVE-2024-1547...

8.1CVSS8.5AI score0.0073EPSS

Exploits1References9

Hacker One•added 2026/01/19 10:12 a.m.•9 views

curl: Cookie Max-Age Integer Overflow Vulnerability

Summary: The cookie parsing code in lib/cookie.c contains an integer overflow vulnerability when processing the Max-Age attribute of HTTP cookies. The vulnerable code attempts to add the max-age value to the current timestamp without adequate overflow protection While the code includes an overflo...

5.7AI score

Exploits0

RedhatCVE•added 2026/01/09 10:27 a.m.•8 views

CVE-2008-7295

Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS6.8AI score0.17828EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2012-0834

Malware in sbrugna...

5.1CVSS6.1AI score0.04812EPSS

Exploits1References11

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2014-8476

Malware in sbrugna...

6.8CVSS8AI score0.01837EPSS

Exploits0References48