Lucene search
K

5 matches found

NVD
NVD
added 2026/06/19 7:16 p.m.9 views

CVE-2026-49336

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...

6.9CVSS0.0065EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.16 views

PT-2026-43067

Name of the Vulnerable Software and Affected Versions benoitc hackney versions 3.1.1 through 4.0.0 Description A sensitive data exposure issue exists where the HTTP/3 redirect handler in src/hackney h3.erl passes original request headers to a redirect target without performing cross-origin checks...

6.1CVSS5.8AI score0.00348EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2025/05/07 12:0 a.m.5 views

CBL Mariner 2.0 Security Update: libsoup (CVE-2025-46421)

The version of libsoup installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-46421 advisory. - A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP...

6.8CVSS6.9AI score0.00478EPSS
Exploits0References2
OSV
OSV
added 2025/03/21 10:15 p.m.11 views

AZL-59209 CVE-2025-30204 affecting package azcopy for versions less than 10.25.1-5

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS6.7AI score0.00693EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/06/27 12:0 a.m.6 views

CVE-2022-31090 CURLOPT_HTTPAUTH option not cleared on change of origin in Guzzle

Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPTHTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI wi...

7.7CVSS7.4AI score0.01762EPSS
Exploits0References4
Rows per page
Query Builder