Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for core by emmett-framework

    CVE-2026-25577 (GCVE-0-2026-25577)

    Vulnerability from nvd – Published: 2026-02-10 17:01 – Updated: 2026-02-11 15:33
    VLAI
    Title
    Emmett has an Unhandled CookieError Exception Causing Denial of Service
    Summary
    Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. This vulnerability is fixed in 1.3.11.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-248 - Uncaught Exception
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    emmett-framework core Affected: < 1.3.11
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25577",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T15:33:01.074738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-11T15:33:08.561Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/emmett-framework/core/security/advisories/GHSA-x6cr-mq53-cc76"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "emmett-framework",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.3.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. This vulnerability is fixed in 1.3.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-10T17:01:26.622Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/emmett-framework/core/security/advisories/GHSA-x6cr-mq53-cc76",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/emmett-framework/core/security/advisories/GHSA-x6cr-mq53-cc76"
            },
            {
              "name": "https://github.com/emmett-framework/core/commit/9557ea23a27cbadf7774d8bca6bbe4b54fa8a3ec",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/emmett-framework/core/commit/9557ea23a27cbadf7774d8bca6bbe4b54fa8a3ec"
            }
          ],
          "source": {
            "advisory": "GHSA-x6cr-mq53-cc76",
            "discovery": "UNKNOWN"
          },
          "title": "Emmett has an Unhandled CookieError Exception Causing Denial of Service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25577",
        "datePublished": "2026-02-10T17:01:26.622Z",
        "dateReserved": "2026-02-03T01:02:46.714Z",
        "dateUpdated": "2026-02-11T15:33:08.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25577 (GCVE-0-2026-25577)

    Vulnerability from cvelistv5 – Published: 2026-02-10 17:01 – Updated: 2026-02-11 15:33
    VLAI
    Title
    Emmett has an Unhandled CookieError Exception Causing Denial of Service
    Summary
    Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. This vulnerability is fixed in 1.3.11.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-248 - Uncaught Exception
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    emmett-framework core Affected: < 1.3.11
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25577",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T15:33:01.074738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-11T15:33:08.561Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/emmett-framework/core/security/advisories/GHSA-x6cr-mq53-cc76"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "emmett-framework",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.3.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. This vulnerability is fixed in 1.3.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-10T17:01:26.622Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/emmett-framework/core/security/advisories/GHSA-x6cr-mq53-cc76",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/emmett-framework/core/security/advisories/GHSA-x6cr-mq53-cc76"
            },
            {
              "name": "https://github.com/emmett-framework/core/commit/9557ea23a27cbadf7774d8bca6bbe4b54fa8a3ec",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/emmett-framework/core/commit/9557ea23a27cbadf7774d8bca6bbe4b54fa8a3ec"
            }
          ],
          "source": {
            "advisory": "GHSA-x6cr-mq53-cc76",
            "discovery": "UNKNOWN"
          },
          "title": "Emmett has an Unhandled CookieError Exception Causing Denial of Service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25577",
        "datePublished": "2026-02-10T17:01:26.622Z",
        "dateReserved": "2026-02-03T01:02:46.714Z",
        "dateUpdated": "2026-02-11T15:33:08.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }