59 matches found
CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...
CVE-2026-44503
CVE-2026-44503 affects the RedirectHandler in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0, and similar Kiota libraries). The root cause is that when following 3xx redirects to a different host or scheme, only the Authorization header is removed; Cookie, Proxy-Auth...
ai.pipestream:account-service (>=0.0.2 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.1 <=0.1.18) +107 more potentially affected by CVE-2026-44503 via com.microsoft.kiota:microsoft-kiota-abstractions (>=0.10.0 <=1.9.0)
com.microsoft.kiota:microsoft-kiota-abstractions MAVEN version =0.10.0, =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.1.1, =0.2.7, =0.7.21, =0.7.21, =0.7.21, =0.1.7, =0.0.1, =0.7.23 and more Source cves: CVE-2026-44503 Source advisory: OSV:GHSA-7J59-V9QR-6FQ9...
NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect vulnerability discovered by ? in WordPress Npm kiota-typescript versions 1.0.0-preview.100...
abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +660 more potentially affected by CVE-2025-15379 via mlflow (>=3.0.0rc2 <=3.6.0rc0)
mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2025-15379 Source advisory: SNYK:PYTHON-MLFLOW-15825746...
Unsafe Dependency Resolution
Overview: Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Skin feature. An attacker can cause unauthorized theme loading and potentially execute arbitrary code by supplying crafted query parameters to load unused or outdated themes. Remediation: Upgrade...
Insertion of Sensitive Information into Log File
Overview: Microsoft.Identity.Abstractions is a package containing interfaces and POCO classes used in the Microsoft .NET authentication libraries Microsoft.IdentityModel, MSAL.NET and Microsoft.Identity.Web. Affected versions of this package are vulnerable to Insertion of Sensitive Information int...
Using Spring AI 1.0.0-SNAPSHOT: Part 2 - Important Changes and Updates
Using Spring AI 1.0.0-SNAPSHOT: Part 2 - Important Changes and Updates This blog post is a continuation of our previous article Using Spring AI 1.0.0-SNAPSHOT: Important Changes and Updates, where we introduced the significant changes to artifact IDs, dependency management, and autoconfiguration ...
NuGet Package 'Microsoft.SemanticKernel.Abstractions' Detection
The remote host has a 'Microsoft.SemanticKernel.Abstractions' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Malicious code in Be.Vlaanderen.Basisregisters.ParcеlRegіstry.Api.BackOffice.Abstractions (NuGet)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-4047 Malicious code in Be.Vlaanderen.Basisregisters.ParcеlRegіstry.Api.BackOffice.Abstractions (NuGet)
Malicious code in Be.Vlaanderen.Bаsisregisters.BuildingRеgistry.Api.Legacy.Abstractions (NuGet)
Malicious code in Be.Vlaanderen.Bаsisregisters.BuildingRеgistrу.Api.Legаcy.Abstractions (NuGet)
MAL-2024-4099 Malicious code in Be.Vlaanderen.Bаsisregisters.BuildingRеgistrу.Api.Legаcy.Abstractions (NuGet)
MAL-2024-4135 Malicious code in Be.Vlaanderеn.Basisregisters.BuildingRegistry.Api.Oslo.Abstractioոs (NuGet)
Malicious code in Be.Vlaanderеո.Basisregisters.BuildingRegistry.Aрi.Oslo.Abstractioոs (NuGet)
MAL-2024-4157 Malicious code in Be.Vlaanderеո.Basisregisters.BuildingRegistry.Aрi.Oslo.Abstractioոs (NuGet)
Malicious code in Be.Vlaandеren.Basisregisters.TicketіngService.Abstractions (NuGet)
MAL-2024-4169 Malicious code in Be.Vlaandеren.Basisregisters.TicketіngService.Abstractions (NuGet)
Malicious code in Be.Vlaandеrеn.Basisregisters.NisCodeService.Abstractions (NuGet)