Lucene search
K

539 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.5 views

Fedora 45 : libsoup3 (2026-6fb683df94)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6fb683df94 advisory. Automatic update for libsoup3-3.6.6-6.fc45. Changelog Thu Mar 19 2026 Milan Crha - 3.6.6-6 - Add patch for CVE-2026-1539 Also remove Proxy-Authorization head...

5.8CVSS5.8AI score0.00237EPSS
Exploits0References2
OSV
OSV
added 2026/03/18 10:1 a.m.4 views

OPENSUSE-SU-2026:20384-1 Security update for libsoup

This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...

9.1CVSS7AI score0.00821EPSS
Exploits2References18
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.6 views

RockyLinux 8 : python27:2.7 (RLSA-2023:7042)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:7042 advisory. python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has extracted the preceding description block directly from the RockyLinux...

6.1CVSS6.8AI score0.02974EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.7 views

MiracleLinux 9 : fence-agents-4.10.0-98.el9_7.10 (AXBA:2026-317:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2026-317:06 advisory. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is...

8.9CVSS6.9AI score0.02667EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.9 views

PT-2026-26175

Summary ewe's chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9 header names. Security-sensitive headers like authorization, cookie, and x-forwarded-for can be injected or overwritten by a malicious client...

5.3CVSS5.9AI score0.00386EPSS
Exploits1References8
CVE
CVE
added 2026/03/11 10:9 a.m.20 views

CVE-2026-3784

CVE-2026-3784 affects curl where an HTTP proxy connection reused during a CONNECT request with different proxy credentials. This is the underlying issue described in the initial CVE entry: a separate connection should be used when credentials differ. Connected feeds indicate a patch is available ...

6.5CVSS5.8AI score0.00302EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.4 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup2 (SUSE-SU-2026:0811-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0811-1 advisory. - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests...

5.8CVSS6.1AI score0.00423EPSS
Exploits1References10
SUSE Linux
SUSE Linux
added 2026/03/04 9:33 a.m.6 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects bsc1257441...

8.8CVSS5.9AI score0.00423EPSS
Exploits1References12
OSV
OSV
added 2026/02/17 9:3 a.m.12 views

RLSA-2023:7034 Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

6.1CVSS5.5AI score0.27095EPSS
Exploits4References3
OSV
OSV
added 2026/02/17 9:3 a.m.14 views

RLSA-2023:7050 Moderate: python38:3.8 and python38-devel:3.8 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

6.1CVSS8.4AI score0.27095EPSS
Exploits4References3
Rockylinux
Rockylinux
added 2026/02/17 9:3 a.m.9 views

python38:3.8 and python38-devel:3.8 security update

An update is available for module.modwsgi, module.python-psutil, python-packaging, module.Cython, module.python3x-setuptools, module.python-wcwidth, module.python-ply, python-psycopg2, python-psutil, python-chardet, module.python-pluggy, python-lxml, python-pysocks, python-wcwidth, python-pluggy,...

9.8CVSS8.4AI score0.27095EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/02/17 12:0 a.m.8 views

RockyLinux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2023:7050)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7050 advisory. python: tarfile module directory traversal CVE-2007-4559 python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has...

9.8CVSS7.8AI score0.27095EPSS
Exploits4References5
Ubuntu
Ubuntu
added 2026/02/08 11:40 p.m.7 views

USN-8020-1: libsoup vulnerabilities

It was discovered that libsoup did not correctly handle certain URL-decoded input, which could allow for HTTP header injection. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2026-1467, CVE-2026-1536 It was discovered that libsoup did n...

5.8CVSS6AI score0.00312EPSS
Exploits2
Amazon
Amazon
added 2026/02/05 12:0 a.m.12 views

Medium: python3.13-pip

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possib...

8.9CVSS8.5AI score0.01141EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.3 views

Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1412)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1412 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expecte...

8.9CVSS5.9AI score0.01141EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2026/01/30 12:26 a.m.8 views

SUSE CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

5.8CVSS5.8AI score0.00237EPSS
Exploits0References13
NVD
NVD
added 2026/01/28 4:16 p.m.8 views

CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

5.8CVSS0.00237EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/01/28 4:16 p.m.7 views

CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

5.8CVSS6AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2026/01/28 4:16 p.m.3 views

UBUNTU-CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

5.8CVSS5.9AI score0.00237EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/28 3:15 p.m.3 views

CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

5.8CVSS5.8AI score0.00237EPSS
Exploits0References2
Rows per page
Query Builder