Lucene search
K

1277 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 5:17 p.m.6 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Incorrect Behavior Order CVE-2026-0707

Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2026-0707 DESCRIPTION: A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer...

5.3CVSS5.5AI score0.00361EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.6 views

Amazon Linux 2023 : perl-libwww-perl, perl-libwww-perl-tests (ALAS2023-2026-1764)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1764 advisory. LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross- origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/06 7:55 a.m.68 views

Exploit for CVE-2026-48595

CVE-2026-48595 - elixir-tesla tesla Vulnerability Quick Us...

8.2CVSS5.5AI score0.00396EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-45739

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

4.3CVSS5.4AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.8 views

CVE-2026-47356

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhookurl parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhookurl multipa...

8.7CVSS5.7AI score0.00499EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-49197

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10CVSS5.5AI score0.00332EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.8 views

CVE-2026-42855

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

7.5CVSS5.5AI score0.00351EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.7 views

CVE-2026-44503

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

7CVSS5.4AI score0.00505EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.23 views

CVE-2026-8181

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

9.8CVSS5.5AI score0.14608EPSS
Exploits10References1
Github Security Blog
Github Security Blog
added 2026/06/05 3:40 p.m.14 views

MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

Summary The kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes environments. An attacker who already has limited cluster or codebase access, for example, a developer with...

6.1CVSS5.5AI score0.00267EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/04 5:52 p.m.16 views

EUVD-2026-32927

Hono: JWT middleware accepts any Authorization scheme, not only Bearer...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/04 2:9 p.m.38 views

CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

3.1CVSS0.00218EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.13 views

SUSE CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

5.9CVSS5.8AI score0.00359EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46859

Summary The jwt and jwk middlewares do not verify that the Authorization header value uses theBearer scheme. Any two-part header value — regardless of the scheme name in the first position — proceeds to JWT verification. A request presenting a valid JWT under a non-Bearer scheme identifier such a...

6.5CVSS5.7AI score0.00199EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-5078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log strea...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 p.m.12 views

CVE-2026-48595

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2CVSS5.8AI score0.00396EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/03 9:51 p.m.16 views

CVE-2026-35193

A flaw was found in Django. This vulnerability allows a remote attacker to read private cached responses. This occurs because the UpdateCacheMiddleware in Django does not correctly add the Authorization header to the Vary response header for requests that include an Authorization header but lack...

3.1CVSS5.7AI score0.00359EPSS
Exploits0References6
NVD
NVD
added 2026/06/03 2:16 p.m.24 views

CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS0.00359EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/03 2:16 p.m.15 views

PYSEC-2026-197

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.4AI score0.00359EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/03 2:16 p.m.10 views

PYSEC-2026-197

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

2.3CVSS5.4AI score0.00359EPSS
Exploits0References3
Rows per page
Query Builder