Lucene search
K

237 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43310

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score0.00259EPSS
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS0.00259EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday19 views

CVE-2026-15574 Vllm-orchestrator-gateway: vllm-orchestrator-gateway: authorization header and full chat payloads logged at hard-coded debug default

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS0.00259EPSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-15574

The CVE-2026-15574 issue affects the vllm-orchestrator-gateway component, where the production binary logs incoming authorization headers and full chat payloads, potentially exposing PII, secrets, bearer tokens, and conversation content. This data exposure arises from a hard-coded debug/default l...

7.5CVSS6AI score0.00259EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score0.00259EPSS
Exploits0References3
NVD
NVD
added 4 days ago5 views

CVE-2026-59180

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py...

3.1CVSS0.00195EPSS
Exploits0References4
Cvelist
Cvelist
added last week39 views

CVE-2026-7017 HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

0.0026EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 11:55 p.m.5 views

GHSA-WW5P-J6CJ-6MQQ Nezha Dashboard: DDNS and Notification credential exposure via unredacted list API

Summary The GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials — Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram webhook URLs with embedded bot tokens, and Authorization header values — withou...

6.9CVSS5.8AI score0.00304EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 9:56 p.m.16 views

EUVD-2026-31692

Hackney: Cross-origin Redirect Leaks Authorization, Cookie, and Request Body...

6.1CVSS5.8AI score0.00348EPSS
Exploits1References5
OSV
OSV
added 2026/06/24 1:13 p.m.7 views

OESA-2026-2727 python-tornado security update

Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest, rewrites the URL, decrements maxredirects, and removes only the Host header. It does not clear...

5.8AI score0.00052EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/17 6:21 p.m.7 views

Use of Cache Containing Sensitive Information

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the cache interceptor. An attacker can obtain another user's authenticated response data by exploiting...

8.9CVSS7.1AI score0.00374EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:21 p.m.11 views

Use of Cache Containing Sensitive Information

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the cache interceptor. An attacker can obtain another user's authenticated response data by exploiting whitespace-padded...

8.9CVSS7.1AI score0.00374EPSS
Exploits0References2
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Medium: perl-libwww-perl

Issue Overview: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorizatio...

6.5CVSS5.4AI score0.00266EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

Amazon Linux 2 : perl-libwww-perl, --advisory ALAS2-2026-3325 (ALAS-2026-3325)

The version of perl-libwww-perl installed on the remote host is prior to 6.05-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3325 advisory. LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross- origin redirects...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41181

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. The errors custom error pages middleware can inadvertently expose end-user credentials. When a backend returns a response matching a configured status range, the middleware forwards the original request's complete header set,...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.8 views

Fedora 43 : perl-libwww-perl (2026-3b48ba7dc7)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3b48ba7dc7 advisory. Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects a different scheme,...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.12 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libwww-perl vulnerability (USN-8378-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8378-1 advisory. It was discovered that libwww-perl incorrectly handled redirects. A remote attacker could possibly use this issue to obtain...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/03 1:33 p.m.11 views

USN-8378-1: libwww-perl vulnerability

It was discovered that libwww-perl incorrectly handled redirects. A remote attacker could possibly use this issue to obtain sensitive information by causing Authorization headers to be sent to a different host...

6.5CVSS5.4AI score0.00266EPSS
Exploits0
OSV
OSV
added 2026/05/26 12:59 a.m.19 views

MAL-2026-4723 Malicious code in weavedb-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c25ff456baf684075b65ecf808bbfe36cbf91811fb4b04b70c13a3dd9d8a9403 package.json declares "preinstall": "./tools/setup", where tools/setup is a 976KB stripped Linux x86-64 ELF binary sha256...

5.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/25 7:33 a.m.13 views

CVE-2026-8368

A flaw was found in LWP::UserAgent, a component of perl-libwww-perl. This vulnerability allows a remote attacker to obtain a user's credentials by redirecting a request to an attacker-controlled host. When processing a redirect, the LWP::UserAgent fails to properly strip Authorization and...

6.5CVSS5.7AI score0.00266EPSS
Exploits0References7
Rows per page
Query Builder