Lucene search
K

820 matches found

Nuclei
Nuclei
added 19 hours ago10 views

JumpServer - Open Redirect via Referer Header

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. id:...

6.9CVSS5.9AI score0.00442EPSS
Exploits0References3
Nuclei
Nuclei
added 19 hours ago26 views

ZZcms - Cross-Site Scripting

ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. id: CVE-2020-20285 info: name: ZZcms -...

5.4CVSS6.2AI score0.01552EPSS
Exploits1References3
EUVD
EUVD
added yesterday7 views

EUVD-2026-41213

Craft CMS: Potential authenticated Remote Code Execution via referrer redirect...

8.7CVSS6.1AI score0.00293EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-9546

A flaw was found in libcurl. This vulnerability causes the HTTP Referer header to persist even after it has been explicitly cleared. This can lead to the previous referrer string being unintentionally reused and sent in subsequent requests, potentially disclosing sensitive information to unintend...

7.5CVSS5.7AI score0.00206EPSS
Exploits1References6
Snyk
Snyk
added 4 days ago9 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data due to the improper clearing of the CURLOPTREFERER option. An attacker can cause sensitive information to be disclosed by forcing the reuse and transmission of a previous referer header ...

7.5CVSS5.9AI score0.00206EPSS
Exploits1References2
OSV
OSV
added 4 days ago2 views

ALPINE-CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00206EPSS
Exploits1References1
NVD
NVD
added 4 days ago7 views

CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS0.00206EPSS
Exploits1References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41494

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

6AI score0.00206EPSS
Exploits1References3
CVE
CVE
added 4 days ago19 views

CVE-2026-9546

CVE-2026-9546 is a libcurl vulnerability where the HTTP Referer header persists after CURLOPT_REFERER is cleared, due to an internal state not being cleared. Affected versions are prior to 8.21.0 (e.g., 8.18.0). This can cause leakage of the previous referrer to subsequent requests. The practical...

7.5CVSS5.9AI score0.00206EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-9546 sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

0.00206EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 4 days ago5 views

CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00206EPSS
Exploits1References3
NVD
NVD
added 5 days ago9 views

CVE-2026-55794

Craft CMS is a content management system CMS. In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries...

8.7CVSS0.00293EPSS
Exploits0References2
CVE
CVE
added 6 days ago27 views

CVE-2026-55794

Craft CMS

8.7CVSS5.8AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-54862

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.9.0 through 5.9.x Description Control panel users with entry editing permissions can execute unsandboxed Twig code, which may lead to authenticated Remote Code Execution RCE. The issue occurs during the entry saving proces...

8.7CVSS6AI score0.00293EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

libcurl 8.18.0 < 8.21.0 Persistent Referer Header Information Disclosure

The version of libcurl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by an information disclosure vulnerability: - A vulnerability in libcurl caused the HTTP Referer header to persist even when explicitly cleared, potentially leaking sensitive information to...

7.5CVSS5.9AI score0.00206EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52624

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description An open redirect issue exists due to the use of a substring check instead of a host check within the str contains$referer, CACTI PATH URL logic. When the login opts variable is set to '1', the auth...

6.1CVSS5.6AI score0.00151EPSS
Exploits1References6
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...

7.5CVSS5.8AI score0.00206EPSS
Exploits1References3
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00206EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2026/06/24 8:0 a.m.11 views

CURL-CVE-2026-9546 sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00206EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51755

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists where the HTTP Referer: header persists even after being explicitly cleared. Although passing NULL to CURLOPT REFERER is intended to suppress the header, the internal state is...

5.9AI score0.00206EPSS
Exploits1References5
Rows per page
Query Builder