Lucene search
K

6 matches found

SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.10 views

SUSE CVE-2026-48856

Sensitive Data Exposure vulnerability in Erlang OTP inets httpcresponse module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

7.1CVSS5.3AI score0.00335EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 2:41 p.m.9 views

EEF-CVE-2026-48856 httpc leaks Authorization header to cross-origin redirect targets

Summary Sensitive Data Exposure vulnerability in Erlang OTP inets httpc\response module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

7.1CVSS5.4AI score0.00335EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

Erlang/OTP 代码问题漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by Node.js’s built-in APIs. There were code vulnerabilities in versions of Erlang/OTP inets 5.10.4 to 7.0, as well as in versions of ftp 1.0 to 1.2.6.4, 1.2.4.1, and 1.2.3.1. These...

6.5CVSS5.4AI score0.00234EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/04/08 11:26 p.m.10 views

SUSE CVE-2026-28808

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

7.4CVSS5.8AI score0.0053EPSS
Exploits0References6
OSV
OSV
added 2026/04/07 1:16 p.m.3 views

DEBIAN-CVE-2026-28808

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

9.8CVSS5.3AI score0.0053EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-23941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This...

9.4CVSS7.1AI score0.00528EPSS
Exploits0References2
Rows per page
Query Builder