156 matches found
EUVD-2026-41505
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...
CVE-2026-55688
Affected software: AsyncHttpClient (AHC) library for Java. Vulnerable versions: 2.0.0 up to (but not including) 2.16.0, and 3.0.0.Beta1 up to (but not including) 3.0.11. Root cause: ThreadSafeCookieStore may store a cookie using the.Domain value without validating that the responding host is allo...
CVE-2026-55688 AsyncHttpClient: Cookie stored for an unrelated domain (cookie tossing) via ThreadSafeCookieStore
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...
RHEL 8 : kernel (RHSA-2026:27353)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27353 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free ...
Malicious code in datacamp-light (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbdcc4ef12aca6461f8e765976a7b2b33099a1791a7aee7e353371b7954a91c Package impersonates the DataCamp brand while shipping near-empty stub exports index.js init/helper return trivial constants. The postinstall lifecyc...
EUVD-2026-37078
Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...
PT-2026-49701
Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 152.0 Description Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument. This behavior allows a malicious site to inject arbitrary cookies int...
CVE-2026-53911 Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records
Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...
CVE-2026-53911
CVE-2026-53911 affects Cerebrate up to version 1.36, where the id primary key could be supplied via request input during CRUD edits and patching flows for several entity types (User, Role, UserSetting, LocalTool, PermissionLimitation, EnumerationCollection). An authenticated attacker could includ...
EUVD-2026-36118
Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...
CVE-2026-44692 Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint
Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...
CVE-2026-7473
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...
CVE-2026-50212 Arbitrary Remote Device Unbinding
Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service...
Malicious code in @onerjs/addons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7d3b8a435a56ca78d7a2f4ca7077b8a96f968d29e32dd01580fdf01cee442f5 Package is published as @onerjs/addons but ships a verbatim copy of @babylonjs/addons source while declaring Babylon.js identity in its metadata:...
Malicious code in rdflib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb9a536a077e23bda8e10a55aa1177de28f4f5a8622e08914eeab437e8036940 package.json for this release declares two runtime dependencies — "package-lock.json": "^1.0.0" and "package.json": "^2.0.1" — inside the dependencie...
CVE-2026-43617
Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...
MAL-2026-4451 Malicious code in @tailwind-core/vite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f9a00740b85c3ce7b36a9ba242f3eccc9ebf3d4f626ab911342c50d63b48805 The package name @tailwind-core/vite impersonates the official @tailwindcss/vite plugin from tailwindlabs, and its package.json declares three...
GHSA-748W-HM6R-QC7V Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint
Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the requested storage object is not bound to the authorized entity instance, an authenticated Sharp user wh...
Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint
Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the requested storage object is not bound to the authorized entity instance, an authenticated Sharp user wh...
PT-2026-41389
Name of the Vulnerable Software and Affected Versions Sharp versions prior to 9.22.0 Description Sharp exposes a generic download endpoint 'GET /sharp/globalFilter/download/entityKey/instanceId?' that authorizes access based on a supplied entity instance but reads the target storage disk and path...