CVE-2026-48856

This CVE affects Erlang OTP inets (httpc_response) where cross-origin 3xx redirects copy Authorization and Proxy-Authorization headers to the redirect target, enabling credential theft. Root cause: httpc_response:redirect/2 only updates the host field; other header fields are copied, with autored...

Amazon Linux 2023 : perl-libwww-perl, perl-libwww-perl-tests (ALAS2023-2026-1764)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1764 advisory. LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross- origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before...

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

MGASA-2026-0150 Updated perl-libwww-perl & perl-HTTP-Message packages fix security vulnerabilities

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects...

CVE-2026-41345 OpenClaw < 2026.3.31 - Authorization Header Leak via Cross-Origin Redirect in Media Download

OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by crafting malicious cross-origin redirect chains to intercept sensitive authorization credentials...

EUVD-2021-18754

Malware in sbrugna...

EUVD-2018-0131

Malware in sbrugna...

EUVD-2025-0024

Malicious code in bioql PyPI...

EUVD-2024-0622

Malicious code in bioql PyPI...

EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2025-1994)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-2784: Fixed Heap buffer over-read in skipinsignificantspace when sniffing content bsc1240750 CVE-2025-32050:Fixed Integer overflow in appendparamquoted bsc1240752 CVE-2025-32051:Fixed Segmentation fault when parsing malformed data URI...

Updated golang packages fix security vulnerabilities

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673. os: inconsistent handling of OCREATE|OEXCL on Unix and Windows os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when th...

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 CVE-2025-32052: Fixed heap buffer overflow in sniffunknown bsc1240756...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing content bsc1240750 CVE-2025-32050: Fixed Integer overflow in appendparamquoted bsc1240752 CVE-2025-32052: Fixed heap buffer overflow in sniffunknown bsc1240756...

SUSE-SU-2025:1510-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 - CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 - CVE-2025-32051: Fixed segmentation fault when parsing malformed dat...

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 CVE-2025-32052: Fixed heap buffer overflow in sniffunknown bsc1240756...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI...

CVE-2025-31491 AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests...

Linux Distros Unpatched Vulnerability : CVE-2024-3574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party...

CVE-2024-3574

In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across...