Lucene search
K

325 matches found

OSV
OSV
added 2026/01/07 9:28 a.m.4 views

SUSE-SU-2026:0052-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. - CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. - CVE-2025-15224: OpenSSL partial...

5.3CVSS5.8AI score0.00679EPSS
Exploits3References9
OSV
OSV
added 2026/01/07 9:28 a.m.2 views

SUSE-SU-2026:0050-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. - CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. - CVE-2025-15224: OpenSSL partial...

5.3CVSS5.8AI score0.00679EPSS
Exploits3References9
OSV
OSV
added 2026/01/07 8:0 a.m.5 views

CURL-CVE-2025-14524 bearer token leak on cross-protocol redirect

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

5.3CVSS6.8AI score0.00611EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/01/07 8:0 a.m.20 views

bearer token leak on cross-protocol redirect

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

5.3CVSS5.9AI score0.00611EPSS
Exploits1References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-14524

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or...

5.3CVSS6.5AI score0.00611EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/01/06 7:0 a.m.7 views

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

5.3CVSS6.1AI score0.00611EPSS
Exploits1References3
OSV
OSV
added 2026/01/06 7:0 a.m.5 views

UBUNTU-CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

5.3CVSS6.1AI score0.00611EPSS
Exploits1References4
Hacker One
Hacker One
added 2025/12/09 6:1 p.m.10 views

curl: CVE-2025-14524: bearer token leak on cross-protocol redirect

Summary: A vulnerability exists in libcurl regarding the handling of OAuth2 Bearer tokens CURLOPTXOAUTH2BEARER during HTTP redirects. While libcurl correctly clears standard authentication credentials CURLOPTUSERPWD when following a redirect to a different host, port, or protocol a security...

5.7CVSS7.6AI score0.01595EPSS
Exploits2
OSV
OSV
added 2025/12/03 11:44 a.m.4 views

BIT-NGINX-GATEWAY-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS6.9AI score0.02037EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

Siemens SIMATIC S7-1500 Insufficiently Protected Credentials (CVE-2022-27774)

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTPS redirects is used with authentication could leak credentials to other services that exist on different protocols ...

5.7CVSS6.7AI score0.01595EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2018-6562

Malware in sbrugna...

8.8CVSS8.6AI score0.00716EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-12937

Malware in sbrugna...

4.7CVSS4.9AI score0.00573EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.21 views

EUVD-2016-1698

Malware in sbrugna...

7.4CVSS7.5AI score0.02147EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-19507

Malware in sbrugna...

6.1CVSS6.2AI score0.02304EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-26922

Malware in sbrugna...

7.4CVSS7.5AI score0.02037EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-27510

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.03074EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-4010

Malicious code in bioql PyPI...

7.4CVSS7.5AI score0.02147EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-7544

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password...

9.1CVSS7.3AI score0.01899EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:50 a.m.8 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.2AI score0.00719EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 12:58 p.m.8 views

CVE-2018-20379

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001...

4.7CVSS6.3AI score0.00573EPSS
Exploits1References1
Rows per page
Query Builder