Lucene search
K

25 matches found

OSV
OSV
added 5 days ago3 views

ALPINE-CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS6AI score0.00536EPSS
Exploits1References1
NVD
NVD
added 5 days ago6 views

CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS0.00536EPSS
Exploits1References3
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

trailing dot domain super cookie

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set "super cookies" that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS5.9AI score0.00536EPSS
Exploits1References1Affected Software2
Malwarebytes
Malwarebytes
added 2026/05/14 10:47 a.m.12 views

Why Malwarebytes blocks some Yahoo Mail redirects

Some Malwarebytes users have recently noticed frequent web protection alerts while reading email in Yahoo Mail’s web interface. These alerts are caused by background connections from the Yahoo Mail page to a set of third‑party domains that our products and other security tools currently classify ...

5.8AI score
Exploits0
EUVD
EUVD
added 2025/12/18 9:31 p.m.5 views

EUVD-2025-204380

An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and...

5.3CVSS5.7AI score0.0025EPSS
Exploits0References3
OSV
OSV
added 2025/12/18 8:15 p.m.3 views

CVE-2019-25228

An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and...

5.3CVSS5.8AI score0.0025EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/18 7:53 p.m.26 views

CVE-2019-25228 Kentico Xperience <= 12.0.47 Virtual Context Information Disclosure

An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and...

5.3CVSS0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52294

An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and...

5.3CVSS6.3AI score0.0025EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-42127

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00615EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/07 12:45 a.m.16 views

CVE-2025-58179

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS6.8AI score0.00773EPSS
Exploits1References1
OSV
OSV
added 2025/09/04 7:24 p.m.1 views

GHSA-QPR4-C339-7VQ8 Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter

Summary When using Astro's Cloudflare adapter @astrojs/cloudflare configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URLs it receives, allowing content from unauthorized third-party domains to be served...

7.2CVSS6AI score0.00773EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.4 views

PT-2025-36102

Name of the Vulnerable Software and Affected Versions Astro versions 11.0.3 through 12.6.5 Description Astro, a web framework for content-driven websites, is susceptible to a Server-Side Request Forgery SSRF issue when utilizing the Cloudflare adapter. When configured with output: 'server' and th...

7.2CVSS6.5AI score0.00773EPSS
Exploits1References17
RedhatCVE
RedhatCVE
added 2025/08/21 6:20 p.m.9 views

CVE-2025-55303

Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand rendered sites built with Astro include a...

6.9CVSS7AI score0.00599EPSS
Exploits1References1
OSV
OSV
added 2023/04/07 7:23 p.m.40 views

GHSA-GV7G-X59X-WF8F SvelteKit framework has Insufficient CSRF protection for CORS requests

Summary The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...

8.8CVSS8.9AI score0.00373EPSS
Exploits1References4
NVD
NVD
added 2023/04/04 10:15 p.m.72 views

CVE-2023-29003

SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protecti...

8.8CVSS8.9AI score0.00557EPSS
Exploits1References3
Prion
Prion
added 2023/04/04 10:15 p.m.16 views

Cross site request forgery (csrf)

SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protecti...

6.8CVSS8.8AI score0.00557EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/04 9:20 p.m.325 views

SvelteKit vulnerable to Cross-Site Request Forgery

Summary The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to it’s users. The protection i...

8.8CVSS8.6AI score0.00557EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2023/04/04 9:20 p.m.62 views

CVE-2023-29003 SvelteKit has Insufficient Cross-Site Request Forgery Protection

SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protecti...

8.8CVSS9.1AI score0.00557EPSS
Exploits1References3
OSV
OSV
added 2023/04/04 9:20 p.m.40 views

CVE-2023-29003 SvelteKit has Insufficient Cross-Site Request Forgery Protection

SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protecti...

8.8CVSS8.7AI score0.00557EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/10/06 12:26 p.m.3 views

node-fetch: exposure of sensitive information to an unauthorized actor

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...

8.8CVSS7.2AI score0.01646EPSS
Exploits1References5
Rows per page
Query Builder