Lucene search
K

2496 matches found

CVE
CVE
added yesterday10 views

CVE-2026-54780

CoreWCF WS-Security 1.0 receive pipeline does not validate ds:Reference DigestMethod while validating ds:SignedInfo SignatureMethod, allowing a rejection of digest algorithms (e.g., SHA-1) to be bypassed in affected versions. Affected components include CoreWCF and CoreWCF.Primitives; fixed in Co...

3.7CVSS5.9AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

7.8CVSS6AI score0.00256EPSS
Exploits0References4Affected Software1
CVE
CVE
added 3 days ago29 views

CVE-2026-54763

Traefik (HTTP reverse proxy/load balancer) before versions v2.11.51, v3.6.22, and v3.7.6 allows underscore-variant identity spoofing via BasicAuth, DigestAuth, and ForwardAuth middlewares. These middlewares strip canonical header names but don’t account for underscore-variant headers, letting an ...

10CVSS6AI score0.00256EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-54763 Traefik: headerField underscore-variant identity spoofing in BasicAuth / DigestAuth / ForwardAuth

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

7.8CVSS0.00256EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 3 days ago4 views

CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

10CVSS6AI score0.00256EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 3 days ago4 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS6.7AI score0.02719EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-56011

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.51 Traefik versions prior to 3.6.22 Traefik versions prior to 3.7.6 Description Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares fail to account for underscore-variant header names when stripping...

10CVSS5.9AI score0.00256EPSS
Exploits0References7
Snyk
Snyk
added 6 days ago7 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the Authorization header handling process. An attacker can cause sensitive authentication information to be sent to an unintended origin by reusing a handle for transfers to different HTTP origins...

9.8CVSS6AI score0.00771EPSS
Exploits1References2
Snyk
Snyk
added 6 days ago5 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the process of reusing a handle for sequential transfers with environment-variable proxy configuration. An attacker can cause sensitive authentication headers to be sent to an...

9.1CVSS6AI score0.00589EPSS
Exploits1References2
NVD
NVD
added 6 days ago7 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS0.00589EPSS
Exploits1References3
OSV
OSV
added 6 days ago6 views

ALPINE-CVE-2026-11856

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

9.8CVSS6AI score0.00771EPSS
Exploits1References1
NVD
NVD
added 6 days ago8 views

CVE-2026-11856

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

9.8CVSS0.00771EPSS
Exploits1References3
CVE
CVE
added 6 days ago21 views

CVE-2026-8927

CVE-2026-8927 involves libcurl when reusing a handle for sequential transfers driven by environment-variable proxies. The root cause is failure to clear proxy authentication state between requests, causing a Digest-auth session authenticated to proxyA to leak the Proxy-Authorization header to pro...

9.1CVSS5.9AI score0.00589EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 6 days ago41 views

CVE-2026-8927 env-set cross-proxy Digest auth state leak

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

0.00589EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 6 days ago6 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.9AI score0.00589EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago56 views

CVE-2026-11856 cross-origin Digest auth state leak

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

0.00771EPSS
Exploits1References3
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-41501

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

6AI score0.00771EPSS
Exploits1References3
CVE
CVE
added 6 days ago26 views

CVE-2026-11856

CVE-2026-11856 describes a cross-origin Digest authentication state leak in libcurl. When a transfer is performed to hostA using Digest auth and the origin is then changed to hostB while reusing the same handle, libcurl may forward the Authorization header intended for hostA to hostB. This is a h...

9.8CVSS6AI score0.00771EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 6 days ago5 views

CVE-2026-11856

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

9.8CVSS6AI score0.00771EPSS
Exploits1References3
OSV
OSV
added 6 days ago4 views

UBUNTU-CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS6.5AI score0.00367EPSS
Exploits0References6
Rows per page
Query Builder