Lucene search
K

1296 matches found

Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-45838

Name of the Vulnerable Software and Affected Versions tesla versions 1.4.0 through 1.18.2 Description Improper handling of case sensitivity in the Tesla.Middleware.FollowRedirects middleware allows credential leakage to third-party origins during cross-origin redirects. The system uses a...

8.2CVSS6AI score0.00396EPSS
Exploits2References13
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45796

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to...

7.1CVSS6.1AI score0.00305EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.17 views

PT-2026-45561

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...

7CVSS5.8AI score0.00382EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/30 2:12 a.m.14 views

CVE-2026-47673

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the jwt and jwk middlewares do not verify that the Authorization header value uses theBearer scheme. Any two-part header value — regardless of the scheme name in the first position — proceeds t...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 3:51 p.m.26 views

GHSA-654M-C8P4-X5FP Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix

Patch Bypass Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix in Axios 1.15.2 Summary The Object.createnull fix introduced in Axios 1.15.2 GHSA-q8qp-cvcw-x6jj protects the top-level config object from prototype pollution. However, nested objects created...

3.7CVSS5.8AI score0.00228EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/29 3:51 p.m.9 views

Prototype Pollution

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the setProxy function. An attacker can inject arbitrary credentials into the Proxy-Authorization header of proxied HTTP requests b...

9.1CVSS6.4AI score0.00549EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2026/05/29 3:30 p.m.20 views

GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands

Summary GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. Affected users: - Authenticated github.com users who previously ran gh attestation commands, gh release verify, or...

9.1CVSS5.9AI score0.00289EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/29 3:14 p.m.11 views

EUVD-2026-33340

GitHub CLI gh is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

7.4CVSS5.8AI score0.00289EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/29 3:14 p.m.12 views

CVE-2026-48501

GitHub CLI gh is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

9.1CVSS5.8AI score0.00289EPSS
Exploits0
OSV
OSV
added 2026/05/29 1:33 p.m.13 views

OESA-2026-2464 perl-libwww-perl security update

The libwww-perl collection is a set of Perl modules which provides a simple and consistent application programming interface API to the World-Wide Web. The main focus of the library is to provide classes and functions that allow you to write WWW clients. The library also contain modules that are ...

6.5CVSS5.8AI score0.00266EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 9:16 a.m.19 views

CVE-2026-49197

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10CVSS0.00332EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 8:24 a.m.13 views

CVE-2026-49197

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10CVSS5.8AI score0.00332EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 8:24 a.m.11 views

CVE-2026-49197 Predator Connect W6x: Improper Authentication

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10CVSS5.8AI score0.00332EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 8:24 a.m.27 views

CVE-2026-49197

The CVE affects web endpoints used by the Acer Connect app, where the Authorization header is not properly validated. The underlying issue is improper handling of Base64 decoding failures, allowing requests that should be blocked. CVSS indicates a CRITICAL impact with high consequences for confid...

10CVSS5.8AI score0.00332EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/29 8:24 a.m.19 views

EUVD-2026-33264

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10CVSS5.8AI score0.00332EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Acer Predator Connect W6x 安全漏洞

The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a security vulnerability. This vulnerability arises from the improper validation of the HTTP Authorization header by the Web endpoint of the...

10CVSS5.8AI score0.00332EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.18 views

PT-2026-44767

Name of the Vulnerable Software and Affected Versions Acer Connect affected versions not specified Description Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header. The system fails to block requests when the Base64 decoding process fails, allowing...

10CVSS5.8AI score0.00332EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 p.m.11 views

CVE-2026-44327

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handl...

10CVSS5.8AI score0.00311EPSS
Exploits1References1
OSV
OSV
added 2026/05/28 6:55 p.m.11 views

GHSA-7J6W-VVW2-5F9C OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens

Impact In OpenBao's Kerberos auth method on the GET handler, or when an Authorization: Negotiate header is supplied, the response is includes a logical.Auth object in addition to an error message. This results in tokens being created with only the default policy, default TTL, and no entity...

5.3CVSS5.8AI score0.00083EPSS
Exploits0References5
NVD
NVD
added 2026/05/28 5:16 p.m.18 views

CVE-2026-47673

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the jwt and jwk middlewares do not verify that the Authorization header value uses theBearer scheme. Any two-part header value — regardless of the scheme name in the first position — proceeds t...

6.5CVSS0.00199EPSS
Exploits0References1
Rows per page
Query Builder