Lucene search
K

12 matches found

EUVD
EUVD
added 2026/06/16 11:53 a.m.9 views

EUVD-2026-37077

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...

6.5CVSS5.2AI score0.00096EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/17 9:38 p.m.9 views

OpenClaw MS Teams inbound attachment downloader leaks bearer tokens to allowlisted suffix domains

Summary NOTE: This only affects deployments that enable the optional MS Teams extension Teams channel. If you do not use MS Teams, you are not impacted. When OpenClaw downloads inbound MS Teams attachments / inline images, it may retry a URL with an Authorization: Bearer header after receiving 40...

7.5CVSS5.5AI score0.0026EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/17 9:38 p.m.4 views

GHSA-7VWX-582J-J332 OpenClaw MS Teams inbound attachment downloader leaks bearer tokens to allowlisted suffix domains

Summary NOTE: This only affects deployments that enable the optional MS Teams extension Teams channel. If you do not use MS Teams, you are not impacted. When OpenClaw downloads inbound MS Teams attachments / inline images, it may retry a URL with an Authorization: Bearer header after receiving 40...

7.4CVSS5.5AI score0.0026EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-15014

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00348EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/05/26 7:1 a.m.32 views

libsoup: Cookie domain validation bypass via uppercase characters in libsoup

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS5.7AI score0.00348EPSS
Exploits0References5
NVD
NVD
added 2025/04/29 1:15 p.m.13 views

CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS0.00348EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2025/04/29 1:15 p.m.4 views

CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS5.8AI score0.00348EPSS
Exploits0References5
OSV
OSV
added 2025/04/29 1:15 p.m.18 views

AZL-61665 CVE-2025-4035 affecting package libsoup 3.0.4-12

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS5.7AI score0.00348EPSS
Exploits0References1
OSV
OSV
added 2025/04/29 1:15 p.m.8 views

CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS6.6AI score0.00348EPSS
Exploits0References3
OSV
OSV
added 2025/04/29 1:15 p.m.5 views

UBUNTU-CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS5.7AI score0.00348EPSS
Exploits0References3
CVE
CVE
added 2025/04/29 12:56 p.m.114 views

CVE-2025-4035

Libsoup3 is affected by CVE-2025-4035: a cookie-domain validation bypass occurs when handling cookies where the domain contains at least two components and includes an uppercase character, allowing cookies to be set for public suffix domains a site does not own. The vulnerability is described acr...

4.3CVSS4.5AI score0.00348EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/04/29 12:56 p.m.4 views

CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS4.8AI score0.00348EPSS
Exploits0
Rows per page
Query Builder