
4 matches found

Positive Technologies
added 2026/05/25 12:0 a.m. | 12 views

PT-2026-43067

Name of the Vulnerable Software and Affected Versions: benoitc hackney versions 3.1.1 through 4.0.0. Description: A sensitive data exposure issue exists where the HTTP/3 redirect handler in src/hackney h3.erl passes original request headers to a redirect target without performing cross-origin checks...

CVSS 6.1 | AI score 5.8 | EPSS 0.00327
Exploits: 1 | References: 7
Tenable Nessus
added 2025/05/07 12:0 a.m. | 3 views

CBL Mariner 2.0 Security Update: libsoup (CVE-2025-46421)

The version of libsoup installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-46421 advisory. - A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP...

CVSS 6.8 | AI score 6.9 | EPSS 0.00459
Exploits: 0 | References: 2
OSV
added 2025/03/21 10:15 p.m. | 5 views

AZL-59209 CVE-2025-30204 affecting package azcopy for versions less than 10.25.1-5

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...

CVSS 7.5 | AI score 6.7 | EPSS 0.00645
Exploits: 0 | References: 1
Vulnrichment
added 2022/06/27 12:0 a.m. | 6 views

CVE-2022-31090 CURLOPT_HTTPAUTH option not cleared on change of origin in Guzzle

Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPT_HTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI wi...

CVSS 7.7 | AI score 7.4 | EPSS 0.01424
Exploits: 0 | References: 4