Lucene search
K

131 matches found

Snyk
Snyk
added last week6 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the process that handles .netrc credential retrieval when a URL is specified with a username but without a password. An attacker can gain unauthorized access to sensitive information by exploiting...

9.1CVSS6AI score0.0061EPSS
Exploits1References2
CVE
CVE
added 2026/07/03 6:15 a.m.24 views

CVE-2026-8926

CVE-2026-8926 affects curl when using a .netrc file for credentials while the URL contains a username (no password). The vulnerability can cause curl to fetch and use the password of another user for the same host if a matching host exists in .netrc, leading to credential disclosure. The issue is...

9.1CVSS6AI score0.0061EPSS
Exploits1References3Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in requests

Requests is an HTTP library. Due to an URL parsing issue, versions of Requests before 2.32.4 may expose .netrc credentials to third parties for specific, maliciously crafted URLs. Users should upgrade to version 2.32.4 to resolve this issue. For earlier versions of Requests, the use of the .netrc...

5.3CVSS6.2AI score0.00846EPSS
Exploits1References2
NVD
NVD
added 2026/05/19 5:16 p.m.22 views

CVE-2026-47357

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...

9.2CVSS0.00482EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 3:53 p.m.9 views

CVE-2026-47357

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...

9.2CVSS5.8AI score0.00482EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 3:53 p.m.13 views

EUVD-2026-30957

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...

9.2CVSS5.8AI score0.00482EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 7:44 a.m.7 views

SUSE-SU-2026:1940-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

7.5CVSS5.8AI score0.00639EPSS
Exploits5References13
EUVD
EUVD
added 2026/05/14 3:31 p.m.38 views

EUVD-2026-29930

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS5.8AI score0.00519EPSS
Exploits1References4
Microsoft CVE
Microsoft CVE
added 2026/05/14 8:2 a.m.10 views

netrc credential leak with reused proxy connection

...

5.3CVSS5.3AI score0.00519EPSS
Exploits1
CVE
CVE
added 2026/05/13 8:28 a.m.55 views

CVE-2026-6429

CVE-2026-6429 affects curl/libcurl. When both a .netrc credentials usage and HTTP redirects are requested, the first-host password could be leaked to the redirected host. The issue is characterized in CVE lists as a netrc credential leak with reused proxy connection. Connected advisories (e.g., S...

5.3CVSS5.8AI score0.00519EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/13 8:28 a.m.12 views

CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS5.8AI score0.00519EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/05/13 8:28 a.m.8 views

CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS5.8AI score0.00519EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability, which stems from improper handling of .netrc file credentials and HTTP redirection. This vulnerability may lead to password exposure...

5.3CVSS5.8AI score0.00519EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pip (UTSA-2026-016500)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016500 advisory. Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-craft...

5.3CVSS6.6AI score0.00846EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.18 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : curl vulnerabilities (USN-8227-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8227-1 advisory. It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations....

7.5CVSS5.9AI score0.00639EPSS
Exploits7References8
OSV
OSV
added 2026/05/04 11:40 a.m.12 views

USN-8227-1 curl vulnerabilities

It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-4873 It was discovered that curl incorrectly reused certain HTTP Negotiate connection...

7.5CVSS5.9AI score0.00639EPSS
Exploits7References8
Ubuntu
Ubuntu
added 2026/05/04 11:40 a.m.9 views

USN-8227-1: curl vulnerabilities

It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-4873 It was discovered that curl incorrectly reused certain HTTP Negotiate connection...

7.5CVSS5.8AI score0.00639EPSS
Exploits7
UbuntuCve
UbuntuCve
added 2026/04/29 2:0 p.m.7 views

CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS5.8AI score0.00519EPSS
Exploits1References3
OSV
OSV
added 2026/04/29 8:0 a.m.6 views

CURL-CVE-2026-6429 netrc credential leak with reused proxy connection

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS5.4AI score0.00519EPSS
Exploits1
Snyk
Snyk
added 2026/04/29 12:0 a.m.10 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the reuse of a proxy connection during HTTP redirects when using .netrc for credentials. An attacker can obtain sensitive credential information by intercepting traffic if both the...

6.5CVSS5.8AI score0.00519EPSS
Exploits1References2
Rows per page
Query Builder