Lucene search
K

1044 matches found

RedhatCVE
RedhatCVE
added yesterday2 views

CVE-2026-8926

A flaw was found in curl. When curl is configured to use a .netrc file for credentials and a URL is provided with a username but no password, curl may incorrectly retrieve and use the password for a different user from the .netrc file for the same host. This could lead to unauthorized information...

9.1CVSS5.8AI score0.00196EPSS
Exploits0References6
NVD
NVD
added 4 days ago6 views

CVE-2026-8926

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

9.1CVSS0.00196EPSS
Exploits0References3
NVD
NVD
added 4 days ago5 views

CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS0.0025EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41510

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

6AI score0.0025EPSS
Exploits0References3
CVE
CVE
added 4 days ago17 views

CVE-2026-9079

CVE-2026-9079 affects libcurl 8.8.0 before 8.21.0, where a flaw in clearing proxy authentication credentials leaves old credentials available for subsequent transfers. This credential-disclosure issue is described across multiple sources (NVD, CIRCL, Debian, Ubuntu advisories, and curl’s page). I...

9.8CVSS6AI score0.0025EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 4 days ago11 views

CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS6AI score0.0025EPSS
Exploits0
OSV
OSV
added 6 days ago3 views

GHSA-JXPM-75MH-9FP7 oras-go blob upload vulnerable to credential forwarding via unvalidated Location header

Summary oras-go follows a registry-controlled Location header during the monolithic blob upload flow and reuses the Authorization header from the initial POST request for the subsequent PUT request. If a malicious registry returns a cross-host Location, oras-go can send the caller's credentials t...

7.5CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-54762

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 0.12.15 Fleet versions prior to 0.13.11 Fleet versions prior to 0.14.6 Fleet versions prior to 0.15.2 Description Fleet forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo field of a...

5CVSS6AI score0.00346EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/26 9:47 p.m.13 views

EUVD-2026-31654

Cargo can be coerced to share credentials between registries...

6.5CVSS7.1AI score0.00328EPSS
Exploits0References5
CVE
CVE
added 2026/06/26 8:3 p.m.13 views

CVE-2026-55188

RustFS’s ListRemoteTargetHandler in versions 1.0.0-alpha.1 through 1.0.0-beta.8 contains an authorization bypass that only checks for credentials and neglects to verify replication or admin permissions. This allows an authenticated user without bucket/admin rights to list remote replication targe...

8.2CVSS5.8AI score0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:15 p.m.5 views

CVE-2026-11703

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

6CVSS5.9AI score0.0021EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/24 2:0 p.m.4 views

UBUNTU-CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent tranfers that should not know nor use them...

9.8CVSS5.9AI score0.0025EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 8:0 a.m.24 views

CURL-CVE-2026-9079 stale proxy password leak

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS5.8AI score0.0025EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.26 views

CVE-2026-11819 Community.general: community.general keyring_info — os keyring passphrase returned in plaintext

Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...

5.5CVSS0.00128EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 3:48 p.m.32 views

CVE-2026-54304 n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...

7.1CVSS0.00353EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.12 views

CVE-2026-53632

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the...

5.5CVSS0.00322EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 3:54 p.m.31 views

CVE-2026-53632 NTLMv2 hash disclosure via UNC path handling on Windows

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the...

5.5CVSS0.00322EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 3:54 p.m.19 views

CVE-2026-53632

CVE-2026-53632 affects the npm package launch-editor . Before version 2.14.1, it can open arbitrary paths including Windows UNC paths; when a UNC path is opened Windows triggers NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled ...

5.5CVSS6AI score0.00322EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 3:41 p.m.18 views

CVE-2026-50169

The CVE-2026-50169 issue affects the Angular service worker (@angular/service-worker). The vulnerability stems from the request reconstruction path in the service worker, where an internal helper strips strict client-defined redirect policies (for example redirect: 'error'), causing the browser t...

6.1CVSS5.9AI score0.00165EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 3:32 p.m.7 views

CVE-2026-54264

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS5.9AI score0.00226EPSS
Exploits0
Rows per page
Query Builder