Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added yesterday2 views

CVE-2026-9546

A flaw was found in libcurl. This vulnerability causes the HTTP Referer header to persist even after it has been explicitly cleared. This can lead to the previous referrer string being unintentionally reused and sent in subsequent requests, potentially disclosing sensitive information to unintend...

7.5CVSS5.7AI score0.00206EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51755

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists where the HTTP Referer: header persists even after being explicitly cleared. Although passing NULL to CURLOPT REFERER is intended to suppress the header, the internal state is...

5.9AI score0.00206EPSS
Exploits1References5
OSV
OSV
added 2026/03/05 7:50 p.m.5 views

GHSA-X9P5-W45C-7FFC Gogs: Access tokens get exposed through URL params in API requests

Summary The Gogs API still accepts tokens in URL parameters such as token and accesstoken, which can leak through logs, browser history, and referrers. Details A static review shows that the API still checks tokens in the URL query before looking at headers: - internal/context/auth.go reads...

6.9CVSS5.9AI score0.00254EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-6048

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafte...

4.3CVSS6.7AI score0.01294EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.4 views

SUSE CVE-2018-6051

XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page...

4.3CVSS8AI score0.01294EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.6 views

SUSE CVE-2018-6052

Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data...

4.3CVSS8.8AI score0.01349EPSS
Exploits0References5
OSV
OSV
added 2018/09/25 2:29 p.m.4 views

CVE-2018-6052

Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data...

4.3CVSS7.4AI score0.01349EPSS
Exploits0References6
OSV
OSV
added 2018/09/25 2:29 p.m.2 views

UBUNTU-CVE-2018-6052

Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data...

4.3CVSS6.7AI score0.01349EPSS
Exploits0References3
OSV
OSV
added 2018/09/25 2:29 p.m.3 views

UBUNTU-CVE-2018-6048

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page...

4.3CVSS7.3AI score0.01294EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2018/02/01 4:6 p.m.3 views

chromium-browser: referrer policy bypass in blink

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page...

4.3CVSS7.4AI score0.01294EPSS
Exploits0References5
Hacker One
Hacker One
added 2017/12/12 7:44 a.m.47 views

Deriv.com: Leaking Referrer in Reset Password Link

On 12th Dec flex0geek reported that binary.com was leaking password reset tokens through referer headers . At first this sight the report was closed as we had fixed this earlier and our code base seemed fine . Later on the researcher sent a video POC which did show that we were leaking password...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2017/09/04 7:53 a.m.50 views

Radancy: [Cross Domain Referrer Leakage] Password Reset Token Leaking to Third party Sites.

Domain and URL: https://werkenbijdefensie.nl Summary:: Password Reset Token Leaking to Third party Sites from the link in the footer Description: Hello, I found that the if a user request for a password reset link and open it but don't change the password and click on the Third Parties Sites link...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/06/29 4:21 p.m.47 views

WakaTime: Leaking password reset token via referrer from external Twitter share button

Hi Team, Description It has been identified that the application is leaking referrer token to third party sites. In this case it was found that the pasword reset token is being leaked to third party sites which is a issue knowing the fact that it can allow any malicious users to use the token and...

7.1AI score
Exploits0
Into the symmetry
Into the symmetry
added 2015/10/14 1:36 p.m.24 views

On (OAuth) token hijacks for fun and profit part #2 (Microsoft/xxx integration)

In a previous blogpost we have already analyzed a token hijack on one OAuth integration between some Microsoft and Google service and seen what went wrong. Now it is time to see yet another integration between Microsoft and xxxx unluckily I can't disclose the name of the other company due the fac...

6.4AI score
Exploits0
Hacker One
Hacker One
added 2014/04/10 9:46 p.m.25 views

IRCCloud: Leaking Referrer in Reset Password Link

I have found that you are leaking via the referrer the reset password link. I am attaching the photo as proof of concept that the site is indeed leaking the reset password link via the referrer. Thats when someone loads the reset password link and decided to click on external links. Its the time...

1.8AI score
Exploits0
Hacker One
Hacker One
added 2014/04/02 9:42 p.m.42 views

C2FO: Password reset token leakage through referrer at https://app.c2fo.com/password/reset/

Hi there, another bug I came across. There's a possible password reset token leakage on the password reset page. Steps to reproduce 1. Go to https://app.c2fo.com/password-reset and request a new password with your existing test account 2. Click on the password reset link which you'll receive via...

7.1AI score
Exploits0
Mozilla
Mozilla
added 2006/12/19 12:0 a.m.31 views

RSS Feed-preview referrer leak — Mozilla

Jared Breland reported on LEGROOM.net that when the new "Feed Preview" feature in Firefox 2.0 retrieves the icons of the installed web-based feed viewers it is potentially informing those services of your feed-browsing habits by sending the URL of the feed in a referrer header with each icon...

4.3CVSS6AI score0.01711EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder