20 matches found
CVE-2026-53839 OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation
OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoin...
CVE-2026-53839
OpenClaw before 2026.5.7 has a hostname validation flaw in the retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. This can enable an attacker to craft a hostname prefix that resembles a trusted host, potentially causing authentication material to be sent to u...
CVE-2026-45575
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...
CVE-2026-45575
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...
EUVD-2026-32000
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...
CVE-2026-45575 epa4all-client: Improper Verification of Cryptographic Signature
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...
PT-2026-41396
Impact An attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects u ri puk idp enc and uri puk idp sig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge...
VulnCheck KEV: CVE-2026-3564
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...
EUVD-2025-25751
Malicious code in bioql PyPI...
CVE-2025-6737 Securden Unified PAM Shared SSH Key and Cloud Infrastructure
Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions...
CVE-2025-0539
In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself...
CVE-2025-0539
In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself...
urllib3: proxy-authorization request header is not stripped during cross-origin redirects
A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...
urllib3: proxy-authorization request header is not stripped during cross-origin redirects
A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...
Mageia: Security Advisory (MGASA-2024-0347)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
urllib3: proxy-authorization request header is not stripped during cross-origin redirects
A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...
urllib3: proxy-authorization request header is not stripped during cross-origin redirects
A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...
urllib3: proxy-authorization request header is not stripped during cross-origin redirects
A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...
urllib3: proxy-authorization request header is not stripped during cross-origin redirects
A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...
urllib3: proxy-authorization request header is not stripped during cross-origin redirects
A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...