4 matches found

Positive Technologies
added 2026/06/10 12:0 a.m., 9 views

PT-2026-48602

internal/web/operators.go:251 — after handleOperatorCreateAPIKey mints a fresh 32-byte bearer token, the redirect points the operator's browser at: /ui/operators/?new key=&key name=

The raw API key ends up:
- in the browser's URL history
- in the Referer header on every cross-origin asset the...

CVSS 5.5 | AI score 5.5 | EPSS 0.00012
Exploits: 0 | References: 3

ATTACKERKB
added 2026/01/15 1:14 p.m., 4 views

CVE-2026-22644

Certain requests pass the authentication token in the URL as a string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...

CVSS 7.5 | AI score 5.5 | EPSS 0.00478
Exploits: 0 | References: 7

OSV
added 2021/05/06 11:2 a.m., 3 views

OESA-2021-1170 curl security update

cURL is a computer software project providing a library, libcurl, and a command-line tool, curl, for transferring data using various protocols. Security Fixes: curl 7.63.0 to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS...

CVSS 5.3 | AI score 6.8 | EPSS 0.05301
Exploits: 2 | References: 3

Hacker One
added 2020/05/10 3:29 p.m., 23 views

Rockstar Games: Referer Header Leakage in language changer may lead to FB token theft

In this report, the researcher discovered an open redirect vulnerability that could be exploited by changing the language on the page at https://www.rockstargames.com/GTAOnline, and cause the user's full URL potentially including sensitive tokens to be included in the Referer header to the new...

AI score 0.4
Exploits: 0