Lucene search
+L

240 matches found

nvd
nvd
added 2 days ago8 views

CVE-2026-54052

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.56.1, in HTTP mode with multi-tenancy enabled through ENABLEMULTITENANT=true, n8n-mcp's local workflow version history backups were not isolated per tenant, allowing an...

9.9CVSS0.00389EPSS
Exploits0References2
euvd
euvd
added 4 days ago5 views

EUVD-2026-43310

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score0.00259EPSS
Exploits0References3
nvd
nvd
added 4 days ago5 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS0.00259EPSS
Exploits0References2
cve
cve
added 4 days ago10 views

CVE-2026-15574

The CVE-2026-15574 issue affects the vllm-orchestrator-gateway component, where the production binary logs incoming authorization headers and full chat payloads, potentially exposing PII, secrets, bearer tokens, and conversation content. This data exposure arises from a hard-coded debug/default l...

7.5CVSS6AI score0.00259EPSS
Exploits0References2
cvelist
cvelist
added 4 days ago31 views

CVE-2026-15574 Vllm-orchestrator-gateway: vllm-orchestrator-gateway: authorization header and full chat payloads logged at hard-coded debug default

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS0.00259EPSS
Exploits0References2
redhatcve
redhatcve
added 4 days ago8 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score0.00259EPSS
Exploits0References3
nvd
nvd
added last week8 views

CVE-2026-59180

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py...

3.1CVSS0.00195EPSS
Exploits0References4
osv
osv
added last week7 views

UBUNTU-CVE-2026-59180

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py...

3.1CVSS6.1AI score0.00195EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/07 5:41 p.m.45 views

CVE-2026-7017 HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

0.0026EPSS
Exploits0References5
osv
osv
added 2026/06/26 11:55 p.m.5 views

GHSA-WW5P-J6CJ-6MQQ Nezha Dashboard: DDNS and Notification credential exposure via unredacted list API

Summary The GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials — Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram webhook URLs with embedded bot tokens, and Authorization header values — withou...

6.9CVSS5.8AI score0.00304EPSS
Exploits0References2
euvd
euvd
added 2026/06/26 9:56 p.m.16 views

EUVD-2026-31692

Hackney: Cross-origin Redirect Leaks Authorization, Cookie, and Request Body...

6.1CVSS5.8AI score0.00348EPSS
Exploits1References5
osv
osv
added 2026/06/24 1:13 p.m.7 views

OESA-2026-2727 python-tornado security update

Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest, rewrites the URL, decrements maxredirects, and removes only the Host header. It does not clear...

7.7CVSS5.8AI score0.00691EPSS
Exploits0References4
snyk
snyk
added 2026/06/17 6:21 p.m.14 views

Use of Cache Containing Sensitive Information

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the cache interceptor. An attacker can obtain another user's authenticated response data by exploiting whitespace-padded...

8.9CVSS7.1AI score0.00374EPSS
Exploits0References2
snyk
snyk
added 2026/06/17 6:21 p.m.7 views

Use of Cache Containing Sensitive Information

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the cache interceptor. An attacker can obtain another user's authenticated response data by exploiting...

8.9CVSS7.1AI score0.00374EPSS
Exploits0References2
amazon
amazon
added 2026/06/08 12:0 a.m.11 views

Medium: perl-libwww-perl

Issue Overview: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorizatio...

6.5CVSS5.4AI score0.00266EPSS
Exploits0
nessus
nessus
added 2026/06/08 12:0 a.m.11 views

Amazon Linux 2 : perl-libwww-perl, --advisory ALAS2-2026-3325 (ALAS-2026-3325)

The version of perl-libwww-perl installed on the remote host is prior to 6.05-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3325 advisory. LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross- origin redirects...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41181

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. The errors custom error pages middleware can inadvertently expose end-user credentials. When a backend returns a response matching a configured status range, the middleware forwards the original request's complete header set,...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References7
nessus
nessus
added 2026/06/05 12:0 a.m.8 views

Fedora 43 : perl-libwww-perl (2026-3b48ba7dc7)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3b48ba7dc7 advisory. Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects a different scheme,...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References2
nessus
nessus
added 2026/06/04 12:0 a.m.12 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libwww-perl vulnerability (USN-8378-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8378-1 advisory. It was discovered that libwww-perl incorrectly handled redirects. A remote attacker could possibly use this issue to obtain...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References2
ubuntu
ubuntu
added 2026/06/03 1:33 p.m.12 views

USN-8378-1: libwww-perl vulnerability

It was discovered that libwww-perl incorrectly handled redirects. A remote attacker could possibly use this issue to obtain sensitive information by causing Authorization headers to be sent to a different host...

6.5CVSS5.4AI score0.00266EPSS
Exploits0
Rows per page
Query Builder