CVE-2026-50267
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAP_SERVICES include TLS client credentials, the Connectors libra...
CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...
CVE-2026-44503
CVE-2026-44503 affects the RedirectHandler in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0, and similar Kiota libraries). The root cause is that when following 3xx redirects to a different host or scheme, only the Authorization header is removed; Cookie, Proxy-Auth...
ai.pipestream:account-service (>=0.0.2 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.1 <=0.1.18) +133 more potentially affected by CVE-2026-44503 via com.microsoft.kiota:microsoft-kiota-abstractions (>=0.1.2 <=1.9.0)
com.microsoft.kiota:microsoft-kiota-abstractions MAVEN version =0.1.2, =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.1.1, =0.2.7, =0.7.21, =0.7.21, =0.7.21, =0.1.7, =0.0.1, =0.7.23 and more Source cves: CVE-2026-44503 Source advisory: OSV:GHSA-7J59-V9QR-6FQ9...
NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect vulnerability discovered by ? in WordPress Npm kiota-typescript versions 1.0.0-preview.100...
abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +702 more potentially affected by CVE-2025-15379 via mlflow (>=3.0.0rc2 <=3.6.0rc0)
mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-15379 Source advisory: SNYK:PYTHON-MLFLOW-15825746...
Unsafe Dependency Resolution
Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Skin feature. An attacker can cause unauthorized theme loading and potentially execute arbitrary code by supplying crafted query parameters to load unused or outdated themes. Remediation Upgrade...
Vulnerability of the Microsoft.Identity.Abstractions component in the Microsoft Identity Web library, which allows a perpetrator to gain unauthorized access to protected information
The vulnerability of the Microsoft.Identity.Abstractions component in the Microsoft Identity Web library is related to the disclosure of information through registration files. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected information...
Insertion of Sensitive Information into Log File
Overview Microsoft.Identity.Abstractions is a package containing interfaces and POCO classes used in the Microsoft .NET authentication libraries Microsoft.IdentityModel, MSAL.NET and Microsoft.Identity.Web. Affected versions of this package are vulnerable to Insertion of Sensitive Information int...
Using Spring AI 1.0.0-SNAPSHOT: Part 2 - Important Changes and Updates
Using Spring AI 1.0.0-SNAPSHOT: Part 2 - Important Changes and Updates This blog post is a continuation of our previous article Using Spring AI 1.0.0-SNAPSHOT: Important Changes and Updates, where we introduced the significant changes to artifact IDs, dependency management, and autoconfiguration ...
NuGet Package 'Microsoft.SemanticKernel.Abstractions' Detection
The remote host has a 'Microsoft.SemanticKernel.Abstractions' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Malicious code in Be.Vlaanderen.Basisregisters.ParcеlRegіstry.Api.BackOffice.Abstractions (NuGet)
MAL-2024-4047 Malicious code in Be.Vlaanderen.Basisregisters.ParcеlRegіstry.Api.BackOffice.Abstractions (NuGet)
Malicious code in Be.Vlaanderen.Bаsisregisters.BuildingRеgistry.Api.Legacy.Abstractions (NuGet)
MAL-2024-4099 Malicious code in Be.Vlaanderen.Bаsisregisters.BuildingRеgistrу.Api.Legаcy.Abstractions (NuGet)
Malicious code in Be.Vlaanderen.Bаsisregisters.BuildingRеgistrу.Api.Legаcy.Abstractions (NuGet)
MAL-2024-4135 Malicious code in Be.Vlaanderеn.Basisregisters.BuildingRegistry.Api.Oslo.Abstractioոs (NuGet)
MAL-2024-4157 Malicious code in Be.Vlaanderеո.Basisregisters.BuildingRegistry.Aрi.Oslo.Abstractioոs (NuGet)
Malicious code in Be.Vlaanderеո.Basisregisters.BuildingRegistry.Aрi.Oslo.Abstractioոs (NuGet)
Malicious code in Be.Vlaandеren.Basisregisters.TicketіngService.Abstractions (NuGet)