Lucene search
K

38 matches found

OSV
OSV
added 5 days ago6 views

ALPINE-CVE-2026-11856

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

9.8CVSS6AI score0.00754EPSS
Exploits1References1
CVE
CVE
added 5 days ago24 views

CVE-2026-11856

CVE-2026-11856 describes a cross-origin Digest authentication state leak in libcurl. When a transfer is performed to hostA using Digest auth and the origin is then changed to hostB while reusing the same handle, libcurl may forward the Authorization header intended for hostA to hostB. This is a h...

9.8CVSS6AI score0.00754EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 5 days ago54 views

CVE-2026-11856 cross-origin Digest auth state leak

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

0.00754EPSS
Exploits1References3
CVE
CVE
added 2026/06/10 2:41 p.m.56 views

CVE-2026-48856

This CVE affects Erlang OTP inets (httpc_response) where cross-origin 3xx redirects copy Authorization and Proxy-Authorization headers to the redirect target, enabling credential theft. Root cause: httpc_response:redirect/2 only updates the host field; other header fields are copied, with autored...

7.1CVSS5.5AI score0.00335EPSS
Exploits0References5Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.7 views

Amazon Linux 2023 : perl-libwww-perl, perl-libwww-perl-tests (ALAS2023-2026-1764)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1764 advisory. LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross- origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:27 p.m.10 views

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/19 2:46 a.m.18 views

MGASA-2026-0150 Updated perl-libwww-perl & perl-HTTP-Message packages fix security vulnerabilities

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects...

6.5CVSS5.8AI score0.00266EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/23 9:58 p.m.34 views

CVE-2026-41345 OpenClaw < 2026.3.31 - Authorization Header Leak via Cross-Origin Redirect in Media Download

OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by crafting malicious cross-origin redirect chains to intercept sensitive authorization credentials...

6CVSS0.00296EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-18754

Malware in sbrugna...

6.1CVSS6.8AI score0.01104EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-0131

Malware in sbrugna...

7.5CVSS7AI score0.07443EPSS
Exploits2References26
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-0024

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00496EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0622

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00642EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/08/14 12:0 a.m.5 views

EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2025-1994)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages...

7.5CVSS7AI score0.00729EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2025/06/25 8:16 a.m.3 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-2784: Fixed Heap buffer over-read in skipinsignificantspace when sniffing content bsc1240750 CVE-2025-32050:Fixed Integer overflow in appendparamquoted bsc1240752 CVE-2025-32051:Fixed Segmentation fault when parsing malformed data URI...

8.8CVSS8AI score0.00847EPSS
Exploits1References64
Mageia
Mageia
added 2025/06/09 6:14 p.m.22 views

Updated golang packages fix security vulnerabilities

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673. os: inconsistent handling of OCREATE|OEXCL on Unix and Windows os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when th...

7.5CVSS6.7AI score0.0056EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/05/29 1:33 p.m.2 views

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 CVE-2025-32052: Fixed heap buffer overflow in sniffunknown bsc1240756...

8.7CVSS7.9AI score0.00786EPSS
Exploits1References32
SUSE Linux
SUSE Linux
added 2025/05/09 12:7 a.m.2 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing content bsc1240750 CVE-2025-32050: Fixed Integer overflow in appendparamquoted bsc1240752 CVE-2025-32052: Fixed heap buffer overflow in sniffunknown bsc1240756...

8.7CVSS7.9AI score0.00786EPSS
Exploits1References32
OSV
OSV
added 2025/05/07 2:38 p.m.5 views

SUSE-SU-2025:1510-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 - CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 - CVE-2025-32051: Fixed segmentation fault when parsing malformed dat...

7.5CVSS7.1AI score0.00832EPSS
Exploits1References29
SUSE Linux
SUSE Linux
added 2025/05/07 2:37 p.m.1 views

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 CVE-2025-32052: Fixed heap buffer overflow in sniffunknown bsc1240756...

8.7CVSS7.3AI score0.00786EPSS
Exploits1References32
SUSE Linux
SUSE Linux
added 2025/05/07 12:6 p.m.3 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI...

8.8CVSS7.6AI score0.00847EPSS
Exploits1References64
Rows per page
Query Builder