Lucene search
K

21 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/05 7:32 p.m.7 views

CVE-2026-45300

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...

7.4CVSS5.5AI score0.00322EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.12 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libwww-perl vulnerability (USN-8378-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8378-1 advisory. It was discovered that libwww-perl incorrectly handled redirects. A remote attacker could possibly use this issue to obtain...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.5 views

PT-2025-47977

Sentry-Javascript is an official Sentry SDKs for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to Sentry. Those headers...

5CVSS6.8AI score0.00298EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/10/15 12:0 a.m.6 views

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2ECS-2025-075 (ALASECS-2025-075)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-075 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking...

6.8CVSS6.5AI score0.0056EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/15 12:0 a.m.2 views

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2025-071 (ALASNITRO-ENCLAVES-2025-071)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-071 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potential...

6.8CVSS6.5AI score0.0056EPSS
Exploits0References4
Amazon
Amazon
added 2025/10/14 12:0 a.m.4 views

Medium: amazon-ecr-credential-helper

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: amazon-ecr-credential-helper Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this pa...

6.8CVSS7AI score0.0056EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2025-2069)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.CVE-2025-4673...

6.8CVSS6.5AI score0.0056EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/09/10 12:0 a.m.4 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-2097)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.7AI score0.0056EPSS
Exploits0References2
Amazon
Amazon
added 2025/07/30 12:0 a.m.5 views

Medium: docker

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: docker Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Lin...

6.8CVSS7AI score0.0056EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/07/21 12:0 a.m.3 views

EulerOS 2.0 SP12 : golang (EulerOS-SA-2025-1821)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate...

6.1CVSS6.5AI score0.00647EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/07/10 12:0 a.m.6 views

Amazon Linux 2 : docker (ALASDOCKER-2025-070)

The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-070 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive...

6.8CVSS6.5AI score0.0056EPSS
Exploits0References4
Amazon
Amazon
added 2025/06/24 12:0 a.m.6 views

Medium: golang

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

6.8CVSS7AI score0.0056EPSS
Exploits0
OSV
OSV
added 2025/06/17 9:27 p.m.5 views

CVE-2025-49593 Portainer HTTP Headers May Leak to Malicious Container Registries

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to register a maliciou...

6.8CVSS6.8AI score0.00347EPSS
Exploits0References5
Snyk
Snyk
added 2025/06/11 4:23 p.m.5 views

Insertion of Sensitive Information Into Sent Data

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data. Go Vulnerability Report: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially...

8.9CVSS6.7AI score0.0056EPSS
Exploits0References3
OSV
OSV
added 2023/02/10 2:15 p.m.12 views

SUSE-SU-2023:0362-1 Security update for grafana

This update for grafana fixes the following issues: - Version update from 8.5.13 to 8.5.15 jscPED-2617: CVE-2022-39306: Security fix for privilege escalation bsc1205225 CVE-2022-39307: Omit error from http response when user does not exists bsc1205227 CVE-2022-39201: Do not forward login cookie i...

8.1CVSS6.2AI score0.01228EPSS
Exploits0References13
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:2 p.m.65 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2019-9517 DESCRIPTION: Multiple...

7.4AI score0.87806EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/24 11:44 a.m.43 views

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management

Summary There are vulnerabilities in Node.js used by IBM® Cloud App Management. IBM® Cloud App Management has addressed the applicable CVEs in a later version. Vulnerability Details CVEID: CVE-2019-9513 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop...

7.8CVSS0.9AI score0.87806EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/08/20 12:0 a.m.75 views

FreeBSD : NGINX -- Multiple vulnerabilities (87679fcb-be60-11e9-9051-4c72b94353b5) (0-Length Headers Leak) (Data Dribble) (Resource Loop)

NGINX Team reports : Several security issues were identified in nginx HTTP/2 implementation which might cause excessive memory consumption and CPU usage CVE-2019-9511, CVE-2019-9513, CVE-2019-9516. The issues affect nginx compiled with the ngxhttpv2module not compiled by default if the http2 opti...

7.8CVSS7.4AI score0.82017EPSS
Exploits0References5
Node JS Blog
Node JS Blog
added 2019/08/16 12:0 a.m.65 views

August 2019 Security Releases

August 2019 Security Releases Node.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for more information. Updates are now available for all...

7.8CVSS7.7AI score0.87806EPSS
Exploits1
CERT
CERT
added 2019/08/13 12:0 a.m.127 views

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Overview Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service DoS attacks. Description The Security Considerations section of RFC7540 discusses some of the considerations needed for HTTP/2 connections as they demand more resources to operate than HTTP/1.1 connections...

7.8CVSS7.7AI score0.87806EPSS
Exploits1References6
Rows per page
Query Builder