43 matches found
Photon OS 5.0: Curl PHSA-2026-5.0-0856
An update of the curl package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0856. The text itself is copyright (C) VMware, Inc...
CLSA-2026-1779372207 curl: Fix of CVE-2026-7168
CVE-2026-7168: clear proxy Digest auth state when CURLOPT_PROXY is reassigned to a different proxy host on the same easy handle so a stale Proxy-Authorization header is not replayed to the new proxy...
Photon OS 4.0: Curl PHSA-2026-4.0-1020
An update of the curl package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1020. The text itself is copyright (C) VMware, Inc...
DEBIAN-CVE-2026-7168
Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...
CVE-2026-7168
Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...
BELL-CVE-2026-7168
Bulletin has no description...
CVE-2026-7168
creationtimestamp | type | source
---|---|---
2026-04-29 06:47:54+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mkmix4cvwm2v
2026-04-29 07:10:54+00:00 | seen | https://mastodon.social/users/bagder/statuses/116486743707813679
2026-04-29 07:11:04+00:00 | seen | ...
CVE-2026-7168
Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...
curl: CVE-2026-7168: cross-proxy Digest auth state leak
Summary: On libcurl 8.19.0, Proxy Digest state learned from proxyA survives an independent transfer boundary on a reused easy handle and is emitted preemptively to proxyB when the proxy is changed. In the attached C PoC, the first CONNECT to proxyB carries Proxy-Authorization: Digest ... built fr...
CVE-2020-7168
A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2019-7168
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog...
CVE-2025-7168
CVE-2025-7168 affects code-projects Crime Reporting System 1.0. Multiple connected sources describe a SQL injection vulnerability in the processing of /userlogin.php, caused by unsafely handling the email parameter. The issue is exploitable remotely and has been publicly disclosed. Root cause cen...
CVE-2025-7168 code-projects Crime Reporting System userlogin.php sql injection
A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /userlogin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-7168
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit...
CVE-2023-7168
The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...
CVE-2023-7168
The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...
CVE-2023-7168
CVE-2023-7168 affects the WordPress plugin Better Follow Button for Jetpack (
CVE-2024-7168
creationtimestamp | type | source
---|---|---
2024-07-28 21:53:35+00:00 | seen | https://t.me/cvedetector/1782...
CVE-2024-7168 SourceCodester School Fees Payment System manage_user.php sql injection
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit...
CVE-2024-7168 SourceCodester School Fees Payment System manage_user.php sql injection
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit...