1277 matches found

EUVD
added 2026/06/02 7:8 p.m. | 10 views

EUVD-2026-34014

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2 CVSS | 5.8 AI score | 0.00396 EPSS
Exploits 2 | References 4

ATTACKERKB
added 2026/06/02 7:8 p.m. | 9 views

CVE-2026-48595

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2 CVSS | 5.8 AI score | 0.00396 EPSS
Exploits 2 | References 5 | Affected Software 1

Positive Technologies
added 2026/06/02 12:0 a.m. | 17 views

PT-2026-45838

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2 CVSS | 5.8 AI score | 0.00396 EPSS
Exploits 2 | References 5

CNNVD
added 2026/06/02 12:0 a.m. | 6 views

TP-Link Tapo C200 security vulnerability

The TP-Link Tapo C200 is a webcam device produced by TP-Link Corporation. The TP-Link Tapo C200 v5 version has a security vulnerability. This vulnerability stems from an improper validation of the length of the Authorization header field during RTSP authentication processing. This can lead to a...

7.1 CVSS | 5.6 AI score | 0.00305 EPSS
Exploits 0 | References 4

Positive Technologies
added 2026/06/02 12:0 a.m. | 15 views

PT-2026-45796

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to...

7.1 CVSS | 6.1 AI score | 0.00305 EPSS
Exploits 0 | References 5

Positive Technologies
added 2026/06/01 12:0 a.m. | 16 views

PT-2026-45561

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...

7 CVSS | 5.8 AI score | 0.00382 EPSS
Exploits 0 | References 5

RedhatCVE
added 2026/05/30 2:12 a.m. | 14 views

CVE-2026-47673

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the jwt and jwk middlewares do not verify that the Authorization header value uses the Bearer scheme. Any two-part header value — regardless of the scheme name in the first position — proceeds t...

6.5 CVSS | 5.8 AI score | 0.00199 EPSS
Exploits 0 | References 1

Snyk
added 2026/05/29 3:51 p.m. | 9 views

Prototype Pollution

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the setProxy function. An attacker can inject arbitrary credentials into the Proxy-Authorization header of proxied HTTP requests b...

9.1 CVSS | 6.4 AI score | 0.00549 EPSS
Exploits 2 | References 3

OSV
added 2026/05/29 3:51 p.m. | 12 views

GHSA-654M-C8P4-X5FP Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix

Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix in Axios 1.15.2. Summary: The Object.create(null) fix introduced in Axios 1.15.2 (GHSA-q8qp-cvcw-x6jj) protects the top-level config object from prototype pollution. However, nested objects created...

3.7 CVSS | 5.8 AI score | 0.00228 EPSS
Exploits 1 | References 4

Github Security Blog
added 2026/05/29 3:30 p.m. | 20 views

GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands

Summary: GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands.
Affected users:
- Authenticated github.com users who previously ran gh attestation commands, gh release verify, or...

9.1 CVSS | 5.9 AI score | 0.00289 EPSS
Exploits 0 | References 4 | Affected Software 1

EUVD
added 2026/05/29 3:14 p.m. | 11 views

EUVD-2026-33340

GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

7.4 CVSS | 5.8 AI score | 0.00289 EPSS
Exploits 0 | References 1

Debian CVE
added 2026/05/29 3:14 p.m. | 12 views

CVE-2026-48501

GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

9.1 CVSS | 5.8 AI score | 0.00289 EPSS
Exploits 0

OSV
added 2026/05/29 1:33 p.m. | 12 views

OESA-2026-2464 perl-libwww-perl security update

The libwww-perl collection is a set of Perl modules which provides a simple and consistent application programming interface (API) to the World-Wide Web. The main focus of the library is to provide classes and functions that allow you to write WWW clients. The library also contains modules that are ...

6.5 CVSS | 5.8 AI score | 0.00266 EPSS
Exploits 0 | References 2

NVD
added 2026/05/29 9:16 a.m. | 18 views

CVE-2026-49197

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10 CVSS | 0.00332 EPSS
Exploits 0 | References 1

CVE
added 2026/05/29 8:24 a.m. | 21 views

CVE-2026-49197

The CVE affects web endpoints used by the Acer Connect app, where the Authorization header is not properly validated. The underlying issue is improper handling of Base64 decoding failures, allowing requests that should be blocked. CVSS indicates a CRITICAL impact with high consequences for confid...

10 CVSS | 5.8 AI score | 0.00332 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2026/05/29 8:24 a.m. | 11 views

CVE-2026-49197 Predator Connect W6x: Improper Authentication

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10 CVSS | 5.8 AI score | 0.00332 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/05/29 8:24 a.m. | 13 views

CVE-2026-49197

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10 CVSS | 5.8 AI score | 0.00332 EPSS
Exploits 0 | References 2

EUVD
added 2026/05/29 8:24 a.m. | 12 views

EUVD-2026-33264

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10 CVSS | 5.8 AI score | 0.00332 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/05/29 12:0 a.m. | 16 views

PT-2026-44767

Name of the Vulnerable Software and Affected Versions: Acer Connect (affected versions not specified). Description: Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header. The system fails to block requests when the Base64 decoding process fails, allowing...

10 CVSS | 5.8 AI score | 0.00332 EPSS
Exploits 0 | References 9

CNNVD
added 2026/05/29 12:0 a.m. | 8 views

Acer Predator Connect W6x security vulnerability

The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a security vulnerability. This vulnerability arises from the improper validation of the HTTP Authorization header by the Web endpoint of the...

10 CVSS | 5.8 AI score | 0.00332 EPSS
Exploits 0 | References 1