CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects

urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...

Directory Traversal

Overview org.webjars.npm:vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal via the handling of .map files in the dev server when resolving file paths. An attacker can access sensitive files outside the project root by injecting...

Directory Traversal

Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal via the server.fs.deny function. An attacker can access restricted files by appending a backslash to the URL when the development server is running on Windows and is...

PT-2023-1878 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions 4.13.0 through 4.16.x Description: The issue allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock or npipe:////.pipe/docker engine linux on...